diff --git a/bellman/src/domain.rs b/bellman/src/domain.rs index 4e24f18b0..47f8ff083 100644 --- a/bellman/src/domain.rs +++ b/bellman/src/domain.rs @@ -11,41 +11,40 @@ //! [`EvaluationDomain`]: crate::domain::EvaluationDomain //! [Groth16]: https://eprint.iacr.org/2016/260 -use ff::{Field, PrimeField, ScalarEngine}; +use ff::PrimeField; use group::CurveProjective; -use std::ops::{AddAssign, MulAssign, SubAssign}; use super::SynthesisError; use super::multicore::Worker; -pub struct EvaluationDomain> { +pub struct EvaluationDomain> { coeffs: Vec, exp: u32, - omega: E::Fr, - omegainv: E::Fr, - geninv: E::Fr, - minv: E::Fr, + omega: S, + omegainv: S, + geninv: S, + minv: S, } -impl> AsRef<[G]> for EvaluationDomain { +impl> AsRef<[G]> for EvaluationDomain { fn as_ref(&self) -> &[G] { &self.coeffs } } -impl> AsMut<[G]> for EvaluationDomain { +impl> AsMut<[G]> for EvaluationDomain { fn as_mut(&mut self) -> &mut [G] { &mut self.coeffs } } -impl> EvaluationDomain { +impl> EvaluationDomain { pub fn into_coeffs(self) -> Vec { self.coeffs } - pub fn from_coeffs(mut coeffs: Vec) -> Result, SynthesisError> { + pub fn from_coeffs(mut coeffs: Vec) -> Result, SynthesisError> { // Compute the size of our evaluation domain let mut m = 1; let mut exp = 0; @@ -55,14 +54,14 @@ impl> EvaluationDomain { // The pairing-friendly curve may not be able to support // large enough (radix2) evaluation domains. - if exp >= E::Fr::S { + if exp >= S::S { return Err(SynthesisError::PolynomialDegreeTooLarge); } } // Compute omega, the 2^exp primitive root of unity - let mut omega = E::Fr::root_of_unity(); - for _ in exp..E::Fr::S { + let mut omega = S::root_of_unity(); + for _ in exp..S::S { omega = omega.square(); } @@ -74,11 +73,8 @@ impl> EvaluationDomain { exp, omega, omegainv: omega.invert().unwrap(), - geninv: E::Fr::multiplicative_generator().invert().unwrap(), - minv: E::Fr::from_str(&format!("{}", m)) - .unwrap() - .invert() - .unwrap(), + geninv: S::multiplicative_generator().invert().unwrap(), + minv: S::from_str(&format!("{}", m)).unwrap().invert().unwrap(), }) } @@ -102,7 +98,7 @@ impl> EvaluationDomain { }); } - pub fn distribute_powers(&mut self, worker: &Worker, g: E::Fr) { + pub fn distribute_powers(&mut self, worker: &Worker, g: S) { worker.scope(self.coeffs.len(), |scope, chunk| { for (i, v) in self.coeffs.chunks_mut(chunk).enumerate() { scope.spawn(move |_scope| { @@ -117,7 +113,7 @@ impl> EvaluationDomain { } pub fn coset_fft(&mut self, worker: &Worker) { - self.distribute_powers(worker, E::Fr::multiplicative_generator()); + self.distribute_powers(worker, S::multiplicative_generator()); self.fft(worker); } @@ -130,9 +126,9 @@ impl> EvaluationDomain { /// This evaluates t(tau) for this domain, which is /// tau^m - 1 for these radix-2 domains. - pub fn z(&self, tau: &E::Fr) -> E::Fr { + pub fn z(&self, tau: &S) -> S { let mut tmp = tau.pow_vartime(&[self.coeffs.len() as u64]); - tmp.sub_assign(&E::Fr::one()); + tmp.sub_assign(&S::one()); tmp } @@ -141,7 +137,7 @@ impl> EvaluationDomain { /// evaluation domain, so we must perform division over /// a coset. pub fn divide_by_z_on_coset(&mut self, worker: &Worker) { - let i = self.z(&E::Fr::multiplicative_generator()).invert().unwrap(); + let i = self.z(&S::multiplicative_generator()).invert().unwrap(); worker.scope(self.coeffs.len(), |scope, chunk| { for v in self.coeffs.chunks_mut(chunk) { @@ -155,7 +151,7 @@ impl> EvaluationDomain { } /// Perform O(n) multiplication of two polynomials in the domain. - pub fn mul_assign(&mut self, worker: &Worker, other: &EvaluationDomain>) { + pub fn mul_assign(&mut self, worker: &Worker, other: &EvaluationDomain>) { assert_eq!(self.coeffs.len(), other.coeffs.len()); worker.scope(self.coeffs.len(), |scope, chunk| { @@ -174,7 +170,7 @@ impl> EvaluationDomain { } /// Perform O(n) subtraction of one polynomial from another in the domain. - pub fn sub_assign(&mut self, worker: &Worker, other: &EvaluationDomain) { + pub fn sub_assign(&mut self, worker: &Worker, other: &EvaluationDomain) { assert_eq!(self.coeffs.len(), other.coeffs.len()); worker.scope(self.coeffs.len(), |scope, chunk| { @@ -193,9 +189,9 @@ impl> EvaluationDomain { } } -pub trait Group: Sized + Copy + Clone + Send + Sync { +pub trait Group: Sized + Copy + Clone + Send + Sync { fn group_zero() -> Self; - fn group_mul_assign(&mut self, by: &E::Fr); + fn group_mul_assign(&mut self, by: &Scalar); fn group_add_assign(&mut self, other: &Self); fn group_sub_assign(&mut self, other: &Self); } @@ -216,7 +212,7 @@ impl Clone for Point { } } -impl> Group for Point { +impl Group for Point { fn group_zero() -> Self { Point(G::identity()) } @@ -231,27 +227,27 @@ impl> Group for Point } } -pub struct Scalar(pub E::Fr); +pub struct Scalar(pub S); -impl PartialEq for Scalar { - fn eq(&self, other: &Scalar) -> bool { +impl PartialEq for Scalar { + fn eq(&self, other: &Scalar) -> bool { self.0 == other.0 } } -impl Copy for Scalar {} +impl Copy for Scalar {} -impl Clone for Scalar { - fn clone(&self) -> Scalar { +impl Clone for Scalar { + fn clone(&self) -> Scalar { *self } } -impl Group for Scalar { +impl Group for Scalar { fn group_zero() -> Self { - Scalar(E::Fr::zero()) + Scalar(S::zero()) } - fn group_mul_assign(&mut self, by: &E::Fr) { + fn group_mul_assign(&mut self, by: &S) { self.0.mul_assign(by); } fn group_add_assign(&mut self, other: &Self) { @@ -262,7 +258,7 @@ impl Group for Scalar { } } -fn best_fft>(a: &mut [T], worker: &Worker, omega: &E::Fr, log_n: u32) { +fn best_fft>(a: &mut [T], worker: &Worker, omega: &S, log_n: u32) { let log_cpus = worker.log_num_cpus(); if log_n <= log_cpus { @@ -272,7 +268,7 @@ fn best_fft>(a: &mut [T], worker: &Worker, omega: & } } -fn serial_fft>(a: &mut [T], omega: &E::Fr, log_n: u32) { +fn serial_fft>(a: &mut [T], omega: &S, log_n: u32) { fn bitreverse(mut n: u32, l: u32) -> u32 { let mut r = 0; for _ in 0..l { @@ -298,7 +294,7 @@ fn serial_fft>(a: &mut [T], omega: &E::Fr, log_n: u let mut k = 0; while k < n { - let mut w = E::Fr::one(); + let mut w = S::one(); for j in 0..m { let mut t = a[(k + j + m) as usize]; t.group_mul_assign(&w); @@ -316,10 +312,10 @@ fn serial_fft>(a: &mut [T], omega: &E::Fr, log_n: u } } -fn parallel_fft>( +fn parallel_fft>( a: &mut [T], worker: &Worker, - omega: &E::Fr, + omega: &S, log_n: u32, log_cpus: u32, ) { @@ -339,7 +335,7 @@ fn parallel_fft>( let omega_j = omega.pow_vartime(&[j as u64]); let omega_step = omega.pow_vartime(&[(j as u64) << log_new_n]); - let mut elt = E::Fr::one(); + let mut elt = S::one(); for (i, tmp) in tmp.iter_mut().enumerate() { for s in 0..num_cpus { let idx = (i + (s << log_new_n)) % (1 << log_n); @@ -379,23 +375,19 @@ fn parallel_fft>( #[cfg(feature = "pairing")] #[test] fn polynomial_arith() { - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use rand_core::RngCore; - fn test_mul(rng: &mut R) { + fn test_mul(rng: &mut R) { let worker = Worker::new(); for coeffs_a in 0..70 { for coeffs_b in 0..70 { - let mut a: Vec<_> = (0..coeffs_a) - .map(|_| Scalar::(E::Fr::random(rng))) - .collect(); - let mut b: Vec<_> = (0..coeffs_b) - .map(|_| Scalar::(E::Fr::random(rng))) - .collect(); + let mut a: Vec<_> = (0..coeffs_a).map(|_| Scalar::(S::random(rng))).collect(); + let mut b: Vec<_> = (0..coeffs_b).map(|_| Scalar::(S::random(rng))).collect(); // naive evaluation - let mut naive = vec![Scalar(E::Fr::zero()); coeffs_a + coeffs_b]; + let mut naive = vec![Scalar(S::zero()); coeffs_a + coeffs_b]; for (i1, a) in a.iter().enumerate() { for (i2, b) in b.iter().enumerate() { let mut prod = *a; @@ -404,8 +396,8 @@ fn polynomial_arith() { } } - a.resize(coeffs_a + coeffs_b, Scalar(E::Fr::zero())); - b.resize(coeffs_a + coeffs_b, Scalar(E::Fr::zero())); + a.resize(coeffs_a + coeffs_b, Scalar(S::zero())); + b.resize(coeffs_a + coeffs_b, Scalar(S::zero())); let mut a = EvaluationDomain::from_coeffs(a).unwrap(); let mut b = EvaluationDomain::from_coeffs(b).unwrap(); @@ -424,16 +416,16 @@ fn polynomial_arith() { let rng = &mut rand::thread_rng(); - test_mul::(rng); + test_mul::(rng); } #[cfg(feature = "pairing")] #[test] fn fft_composition() { - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use rand_core::RngCore; - fn test_comp(rng: &mut R) { + fn test_comp(rng: &mut R) { let worker = Worker::new(); for coeffs in 0..10 { @@ -441,7 +433,7 @@ fn fft_composition() { let mut v = vec![]; for _ in 0..coeffs { - v.push(Scalar::(E::Fr::random(rng))); + v.push(Scalar::(S::random(rng))); } let mut domain = EvaluationDomain::from_coeffs(v.clone()).unwrap(); @@ -462,17 +454,17 @@ fn fft_composition() { let rng = &mut rand::thread_rng(); - test_comp::(rng); + test_comp::(rng); } #[cfg(feature = "pairing")] #[test] fn parallel_fft_consistency() { - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use rand_core::RngCore; use std::cmp::min; - fn test_consistency(rng: &mut R) { + fn test_consistency(rng: &mut R) { let worker = Worker::new(); for _ in 0..5 { @@ -480,7 +472,7 @@ fn parallel_fft_consistency() { let d = 1 << log_d; let v1 = (0..d) - .map(|_| Scalar::(E::Fr::random(rng))) + .map(|_| Scalar::(S::random(rng))) .collect::>(); let mut v1 = EvaluationDomain::from_coeffs(v1).unwrap(); let mut v2 = EvaluationDomain::from_coeffs(v1.coeffs.clone()).unwrap(); @@ -497,5 +489,5 @@ fn parallel_fft_consistency() { let rng = &mut rand::thread_rng(); - test_consistency::(rng); + test_consistency::(rng); } diff --git a/bellman/src/gadgets/blake2s.rs b/bellman/src/gadgets/blake2s.rs index 79c42e48b..226563d42 100644 --- a/bellman/src/gadgets/blake2s.rs +++ b/bellman/src/gadgets/blake2s.rs @@ -4,7 +4,7 @@ use super::{boolean::Boolean, multieq::MultiEq, uint32::UInt32}; use crate::{ConstraintSystem, SynthesisError}; -use ff::ScalarEngine; +use ff::PrimeField; /* 2.1. Parameters @@ -79,7 +79,7 @@ const SIGMA: [[usize; 16]; 10] = [ END FUNCTION. */ -fn mixing_g, M>( +fn mixing_g, M>( mut cs: M, v: &mut [UInt32], a: usize, @@ -90,7 +90,7 @@ fn mixing_g, M>( y: &UInt32, ) -> Result<(), SynthesisError> where - M: ConstraintSystem>, + M: ConstraintSystem>, { v[a] = UInt32::addmany( cs.namespace(|| "mixing step 1"), @@ -164,7 +164,7 @@ where END FUNCTION. */ -fn blake2s_compression>( +fn blake2s_compression>( mut cs: CS, h: &mut [UInt32], m: &[UInt32], @@ -337,7 +337,7 @@ fn blake2s_compression>( END FUNCTION. */ -pub fn blake2s>( +pub fn blake2s>( mut cs: CS, input: &[Boolean], personalization: &[u8], @@ -409,7 +409,7 @@ pub fn blake2s>( mod test { use blake2s_simd::Params as Blake2sParams; use hex_literal::hex; - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use rand_core::{RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; @@ -420,7 +420,7 @@ mod test { #[test] fn test_blank_hash() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let input_bits = vec![]; let out = blake2s(&mut cs, &input_bits, b"12345678").unwrap(); assert!(cs.is_satisfied()); @@ -443,7 +443,7 @@ mod test { #[test] fn test_blake2s_constraints() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let input_bits: Vec<_> = (0..512) .map(|i| { AllocatedBit::alloc(cs.namespace(|| format!("input bit {}", i)), Some(true)) @@ -461,7 +461,7 @@ mod test { // Test that 512 fixed leading bits (constants) // doesn't result in more constraints. - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut rng = XorShiftRng::from_seed([ 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, 0xe5, @@ -481,7 +481,7 @@ mod test { #[test] fn test_blake2s_constant_constraints() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut rng = XorShiftRng::from_seed([ 0x59, 0x62, 0xbe, 0x5d, 0x76, 0x3d, 0x31, 0x8d, 0x17, 0xdb, 0x37, 0x32, 0x54, 0x06, 0xbc, 0xe5, @@ -512,7 +512,7 @@ mod test { let hash_result = h.finalize(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut input_bits = vec![]; @@ -559,7 +559,7 @@ mod test { let data: Vec = hex!("be9f9c485e670acce8b1516a378176161b20583637b6f1c536fbc1158a0a3296831df2920e57a442d5738f4be4dd6be89dd7913fc8b4d1c0a815646a4d674b77f7caf313bd880bf759fcac27037c48c2b2a20acd2fd5248e3be426c84a341c0a3c63eaf36e0d537d10b8db5c6e4c801832c41eb1a3ed602177acded8b4b803bd34339d99a18b71df399641cc8dfae2ad193fcd74b5913e704551777160d14c78f2e8d5c32716a8599c1080cb89a40ccd6ba596694a8b4a065d9f2d0667ef423ed2e418093caff884540858b4f4b62acd47edcea880523e1b1cda8eb225c128c2e9e83f14f6e7448c5733a195cac7d79a53dde5083172462c45b2f799e42af1c9").to_vec(); assert_eq!(data.len(), 256); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut input_bits = vec![]; @@ -596,7 +596,7 @@ mod test { let data: Vec = hex!("5dcfe8bab4c758d2eb1ddb7ef337583e0df3e2c358e1755b7cd303a658de9a1227eed1d1114179a5c3c38d692ff2cf2d4e5c92a9516de750106774bbf9f7d063f707f4c9b6a02c0a77e4feb99e036c3ccaee7d1a31cb144093aa074bc9da608f8ff30b39c3c60e4a243cc0bbd406d1262a7d6607b31c60275c6bcc8b0ac49a06a4b629a98693c5f7640f3bca45e4977cfabc5b17f52838af3433b1fd407dbbdc131e8e4bd58bcee85bbab4b57b656c6a2ec6cf852525bc8423675e2bf29159139cd5df99db94719f3f7167230e0d5bd76f6d7891b656732cef9c3c0d48a5fa3d7a879988157b39015a85451b25af0301ca5e759ac35fea79dca38c673ec6db9f3885d9103e2dcb3304bd3d59b0b1d01babc97ef8a74d91b6ab6bf50f29eb5adf7250a28fd85db37bff0133193635da69caeefc72979cf3bef1d2896d847eea7e8a81e0927893dbd010feb6fb845d0399007d9a148a0596d86cd8f4192631f975c560f4de8da5f712c161342063af3c11029d93d6df7ff46db48343499de9ec4786cac059c4025ef418c9fe40132428ff8b91259d71d1709ff066add84ae944b45a817f60b4c1bf719e39ae23e9b413469db2310793e9137cf38741e5dd2a3c138a566dbde1950c00071b20ac457b46ba9b0a7ebdddcc212bd228d2a4c4146a970e54158477247c27871af1564b176576e9fd43bf63740bf77434bc4ea3b1a4b430e1a11714bf43160145578a575c3f78ddeaa48de97f73460f26f8df2b5d63e31800100d16bc27160fea5ced5a977ef541cfe8dadc7b3991ed1c0d4f16a3076bbfed96ba3e155113e794987af8abb133f06feefabc2ac32eb4d4d4ba1541ca08b9e518d2e74b7f946b0cbd2663d58c689359b9a565821acc619011233d1011963fa302cde34fc9c5ba2e03eeb2512f547391e940d56218e22ae325f2dfa38d4bae35744ee707aa5dc9c17674025d15390a08f5c452343546ef6da0f7").to_vec(); assert_eq!(data.len(), 700); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut input_bits = vec![]; @@ -651,7 +651,7 @@ mod test { let hash_result = h.finalize(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut input_bits = vec![]; diff --git a/bellman/src/gadgets/boolean.rs b/bellman/src/gadgets/boolean.rs index b521e7bdf..940790d9c 100644 --- a/bellman/src/gadgets/boolean.rs +++ b/bellman/src/gadgets/boolean.rs @@ -1,6 +1,6 @@ //! Gadgets for allocating bits in the circuit and performing boolean logic. -use ff::{BitIterator, Field, PrimeField, ScalarEngine}; +use ff::{BitIterator, PrimeField}; use crate::{ConstraintSystem, LinearCombination, SynthesisError, Variable}; @@ -26,22 +26,22 @@ impl AllocatedBit { /// Allocate a variable in the constraint system which can only be a /// boolean value. Further, constrain that the boolean is false /// unless the condition is false. - pub fn alloc_conditionally( + pub fn alloc_conditionally( mut cs: CS, value: Option, must_be_false: &AllocatedBit, ) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let var = cs.alloc( || "boolean", || { if *value.get()? { - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } }, )?; @@ -67,18 +67,18 @@ impl AllocatedBit { /// Allocate a variable in the constraint system which can only be a /// boolean value. - pub fn alloc(mut cs: CS, value: Option) -> Result + pub fn alloc(mut cs: CS, value: Option) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let var = cs.alloc( || "boolean", || { if *value.get()? { - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } }, )?; @@ -100,10 +100,10 @@ impl AllocatedBit { /// Performs an XOR operation over the two operands, returning /// an `AllocatedBit`. - pub fn xor(mut cs: CS, a: &Self, b: &Self) -> Result + pub fn xor(mut cs: CS, a: &Self, b: &Self) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let mut result_value = None; @@ -113,11 +113,11 @@ impl AllocatedBit { if *a.value.get()? ^ *b.value.get()? { result_value = Some(true); - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { result_value = Some(false); - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } }, )?; @@ -152,10 +152,10 @@ impl AllocatedBit { /// Performs an AND operation over the two operands, returning /// an `AllocatedBit`. - pub fn and(mut cs: CS, a: &Self, b: &Self) -> Result + pub fn and(mut cs: CS, a: &Self, b: &Self) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let mut result_value = None; @@ -165,11 +165,11 @@ impl AllocatedBit { if *a.value.get()? & *b.value.get()? { result_value = Some(true); - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { result_value = Some(false); - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } }, )?; @@ -190,10 +190,10 @@ impl AllocatedBit { } /// Calculates `a AND (NOT b)`. - pub fn and_not(mut cs: CS, a: &Self, b: &Self) -> Result + pub fn and_not(mut cs: CS, a: &Self, b: &Self) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let mut result_value = None; @@ -203,11 +203,11 @@ impl AllocatedBit { if *a.value.get()? & !*b.value.get()? { result_value = Some(true); - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { result_value = Some(false); - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } }, )?; @@ -228,10 +228,10 @@ impl AllocatedBit { } /// Calculates `(NOT a) AND (NOT b)`. - pub fn nor(mut cs: CS, a: &Self, b: &Self) -> Result + pub fn nor(mut cs: CS, a: &Self, b: &Self) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let mut result_value = None; @@ -241,11 +241,11 @@ impl AllocatedBit { if !*a.value.get()? & !*b.value.get()? { result_value = Some(true); - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { result_value = Some(false); - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } }, )?; @@ -266,7 +266,7 @@ impl AllocatedBit { } } -pub fn u64_into_boolean_vec_le>( +pub fn u64_into_boolean_vec_le>( mut cs: CS, value: Option, ) -> Result, SynthesisError> { @@ -297,16 +297,24 @@ pub fn u64_into_boolean_vec_le>( Ok(bits) } -pub fn field_into_boolean_vec_le, F: PrimeField>( +pub fn field_into_boolean_vec_le< + Scalar: PrimeField, + CS: ConstraintSystem, + F: PrimeField, +>( cs: CS, value: Option, ) -> Result, SynthesisError> { - let v = field_into_allocated_bits_le::(cs, value)?; + let v = field_into_allocated_bits_le::(cs, value)?; Ok(v.into_iter().map(Boolean::from).collect()) } -pub fn field_into_allocated_bits_le, F: PrimeField>( +pub fn field_into_allocated_bits_le< + Scalar: PrimeField, + CS: ConstraintSystem, + F: PrimeField, +>( mut cs: CS, value: Option, ) -> Result, SynthesisError> { @@ -366,10 +374,10 @@ impl Boolean { } } - pub fn enforce_equal(mut cs: CS, a: &Self, b: &Self) -> Result<(), SynthesisError> + pub fn enforce_equal(mut cs: CS, a: &Self, b: &Self) -> Result<(), SynthesisError> where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { match (a, b) { (&Boolean::Constant(a), &Boolean::Constant(b)) => { @@ -384,7 +392,7 @@ impl Boolean { || "enforce equal to one", |lc| lc, |lc| lc, - |lc| lc + CS::one() - &a.lc(CS::one(), E::Fr::one()), + |lc| lc + CS::one() - &a.lc(CS::one(), Scalar::one()), ); Ok(()) @@ -394,7 +402,7 @@ impl Boolean { || "enforce equal to zero", |lc| lc, |lc| lc, - |_| a.lc(CS::one(), E::Fr::one()), + |_| a.lc(CS::one(), Scalar::one()), ); Ok(()) @@ -404,7 +412,7 @@ impl Boolean { || "enforce equal", |lc| lc, |lc| lc, - |_| a.lc(CS::one(), E::Fr::one()) - &b.lc(CS::one(), E::Fr::one()), + |_| a.lc(CS::one(), Scalar::one()) - &b.lc(CS::one(), Scalar::one()), ); Ok(()) @@ -420,18 +428,22 @@ impl Boolean { } } - pub fn lc(&self, one: Variable, coeff: E::Fr) -> LinearCombination { + pub fn lc( + &self, + one: Variable, + coeff: Scalar, + ) -> LinearCombination { match *self { Boolean::Constant(c) => { if c { - LinearCombination::::zero() + (coeff, one) + LinearCombination::::zero() + (coeff, one) } else { - LinearCombination::::zero() + LinearCombination::::zero() } } - Boolean::Is(ref v) => LinearCombination::::zero() + (coeff, v.get_variable()), + Boolean::Is(ref v) => LinearCombination::::zero() + (coeff, v.get_variable()), Boolean::Not(ref v) => { - LinearCombination::::zero() + (coeff, one) - (coeff, v.get_variable()) + LinearCombination::::zero() + (coeff, one) - (coeff, v.get_variable()) } } } @@ -451,10 +463,10 @@ impl Boolean { } /// Perform XOR over two boolean operands - pub fn xor<'a, E, CS>(cs: CS, a: &'a Self, b: &'a Self) -> Result + pub fn xor<'a, Scalar, CS>(cs: CS, a: &'a Self, b: &'a Self) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { match (a, b) { (&Boolean::Constant(false), x) | (x, &Boolean::Constant(false)) => Ok(x.clone()), @@ -473,10 +485,10 @@ impl Boolean { } /// Perform AND over two boolean operands - pub fn and<'a, E, CS>(cs: CS, a: &'a Self, b: &'a Self) -> Result + pub fn and<'a, Scalar, CS>(cs: CS, a: &'a Self, b: &'a Self) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { match (a, b) { // false AND x is always false @@ -502,15 +514,15 @@ impl Boolean { } /// Computes (a and b) xor ((not a) and c) - pub fn sha256_ch<'a, E, CS>( + pub fn sha256_ch<'a, Scalar, CS>( mut cs: CS, a: &'a Self, b: &'a Self, c: &'a Self, ) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let ch_value = match (a.get_value(), b.get_value(), c.get_value()) { (Some(a), Some(b), Some(c)) => { @@ -589,16 +601,16 @@ impl Boolean { || { ch_value .get() - .map(|v| if *v { E::Fr::one() } else { E::Fr::zero() }) + .map(|v| if *v { Scalar::one() } else { Scalar::zero() }) }, )?; // a(b - c) = ch - c cs.enforce( || "ch computation", - |_| b.lc(CS::one(), E::Fr::one()) - &c.lc(CS::one(), E::Fr::one()), - |_| a.lc(CS::one(), E::Fr::one()), - |lc| lc + ch - &c.lc(CS::one(), E::Fr::one()), + |_| b.lc(CS::one(), Scalar::one()) - &c.lc(CS::one(), Scalar::one()), + |_| a.lc(CS::one(), Scalar::one()), + |lc| lc + ch - &c.lc(CS::one(), Scalar::one()), ); Ok(AllocatedBit { @@ -609,15 +621,15 @@ impl Boolean { } /// Computes (a and b) xor (a and c) xor (b and c) - pub fn sha256_maj<'a, E, CS>( + pub fn sha256_maj<'a, Scalar, CS>( mut cs: CS, a: &'a Self, b: &'a Self, c: &'a Self, ) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let maj_value = match (a.get_value(), b.get_value(), c.get_value()) { (Some(a), Some(b), Some(c)) => { @@ -692,7 +704,7 @@ impl Boolean { || { maj_value .get() - .map(|v| if *v { E::Fr::one() } else { E::Fr::zero() }) + .map(|v| if *v { Scalar::one() } else { Scalar::zero() }) }, )?; @@ -710,12 +722,12 @@ impl Boolean { cs.enforce( || "maj computation", |_| { - bc.lc(CS::one(), E::Fr::one()) + &bc.lc(CS::one(), E::Fr::one()) - - &b.lc(CS::one(), E::Fr::one()) - - &c.lc(CS::one(), E::Fr::one()) + bc.lc(CS::one(), Scalar::one()) + &bc.lc(CS::one(), Scalar::one()) + - &b.lc(CS::one(), Scalar::one()) + - &c.lc(CS::one(), Scalar::one()) }, - |_| a.lc(CS::one(), E::Fr::one()), - |_| bc.lc(CS::one(), E::Fr::one()) - maj, + |_| a.lc(CS::one(), Scalar::one()), + |_| bc.lc(CS::one(), Scalar::one()) - maj, ); Ok(AllocatedBit { @@ -738,11 +750,11 @@ mod test { use crate::gadgets::test::*; use crate::ConstraintSystem; use ff::{Field, PrimeField}; - use pairing::bls12_381::{Bls12, Fr}; + use pairing::bls12_381::Fr; #[test] fn test_allocated_bit() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); AllocatedBit::alloc(&mut cs, Some(true)).unwrap(); assert!(cs.get("boolean") == Fr::one()); @@ -758,7 +770,7 @@ mod test { fn test_xor() { for a_val in [false, true].iter() { for b_val in [false, true].iter() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = AllocatedBit::alloc(cs.namespace(|| "a"), Some(*a_val)).unwrap(); let b = AllocatedBit::alloc(cs.namespace(|| "b"), Some(*b_val)).unwrap(); let c = AllocatedBit::xor(&mut cs, &a, &b).unwrap(); @@ -794,7 +806,7 @@ mod test { fn test_and() { for a_val in [false, true].iter() { for b_val in [false, true].iter() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = AllocatedBit::alloc(cs.namespace(|| "a"), Some(*a_val)).unwrap(); let b = AllocatedBit::alloc(cs.namespace(|| "b"), Some(*b_val)).unwrap(); let c = AllocatedBit::and(&mut cs, &a, &b).unwrap(); @@ -830,7 +842,7 @@ mod test { fn test_and_not() { for a_val in [false, true].iter() { for b_val in [false, true].iter() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = AllocatedBit::alloc(cs.namespace(|| "a"), Some(*a_val)).unwrap(); let b = AllocatedBit::alloc(cs.namespace(|| "b"), Some(*b_val)).unwrap(); let c = AllocatedBit::and_not(&mut cs, &a, &b).unwrap(); @@ -866,7 +878,7 @@ mod test { fn test_nor() { for a_val in [false, true].iter() { for b_val in [false, true].iter() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = AllocatedBit::alloc(cs.namespace(|| "a"), Some(*a_val)).unwrap(); let b = AllocatedBit::alloc(cs.namespace(|| "b"), Some(*b_val)).unwrap(); let c = AllocatedBit::nor(&mut cs, &a, &b).unwrap(); @@ -905,7 +917,7 @@ mod test { for a_neg in [false, true].iter().cloned() { for b_neg in [false, true].iter().cloned() { { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut a = Boolean::from( AllocatedBit::alloc(cs.namespace(|| "a"), Some(a_bool)).unwrap(), @@ -926,7 +938,7 @@ mod test { assert_eq!(cs.is_satisfied(), (a_bool ^ a_neg) == (b_bool ^ b_neg)); } { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut a = Boolean::Constant(a_bool); let mut b = Boolean::from( @@ -945,7 +957,7 @@ mod test { assert_eq!(cs.is_satisfied(), (a_bool ^ a_neg) == (b_bool ^ b_neg)); } { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut a = Boolean::from( AllocatedBit::alloc(cs.namespace(|| "a"), Some(a_bool)).unwrap(), @@ -964,7 +976,7 @@ mod test { assert_eq!(cs.is_satisfied(), (a_bool ^ a_neg) == (b_bool ^ b_neg)); } { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut a = Boolean::Constant(a_bool); let mut b = Boolean::Constant(b_bool); @@ -993,7 +1005,7 @@ mod test { #[test] fn test_boolean_negation() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut b = Boolean::from(AllocatedBit::alloc(&mut cs, Some(true)).unwrap()); @@ -1085,7 +1097,7 @@ mod test { for first_operand in variants.iter().cloned() { for second_operand in variants.iter().cloned() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a; let b; @@ -1294,7 +1306,7 @@ mod test { for first_operand in variants.iter().cloned() { for second_operand in variants.iter().cloned() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a; let b; @@ -1515,7 +1527,7 @@ mod test { #[test] fn test_u64_into_boolean_vec_le() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let bits = u64_into_boolean_vec_le(&mut cs, Some(17234652694787248421)).unwrap(); @@ -1536,7 +1548,7 @@ mod test { #[test] fn test_field_into_allocated_bits_le() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let r = Fr::from_str( "9147677615426976802526883532204139322118074541891858454835346926874644257775", @@ -1573,7 +1585,7 @@ mod test { for first_operand in variants.iter().cloned() { for second_operand in variants.iter().cloned() { for third_operand in variants.iter().cloned() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let a; let b; @@ -1664,7 +1676,7 @@ mod test { for first_operand in variants.iter().cloned() { for second_operand in variants.iter().cloned() { for third_operand in variants.iter().cloned() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let a; let b; @@ -1745,7 +1757,7 @@ mod test { #[test] fn test_alloc_conditionally() { { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let b = AllocatedBit::alloc(&mut cs, Some(false)).unwrap(); let value = None; @@ -1761,7 +1773,7 @@ mod test { { // since value is true, b must be false, so it should succeed - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let value = Some(true); let b = AllocatedBit::alloc(&mut cs, Some(false)).unwrap(); @@ -1778,7 +1790,7 @@ mod test { { // since value is true, b must be false, so it should fail - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let value = Some(true); let b = AllocatedBit::alloc(&mut cs, Some(true)).unwrap(); @@ -1793,7 +1805,7 @@ mod test { let value = Some(false); //check with false bit - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let b1 = AllocatedBit::alloc(&mut cs, Some(false)).unwrap(); AllocatedBit::alloc_conditionally(cs.namespace(|| "alloc_conditionally"), value, &b1) .unwrap(); @@ -1801,7 +1813,7 @@ mod test { assert!(cs.is_satisfied()); //check with true bit - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let b2 = AllocatedBit::alloc(&mut cs, Some(true)).unwrap(); AllocatedBit::alloc_conditionally(cs.namespace(|| "alloc_conditionally"), value, &b2) .unwrap(); diff --git a/bellman/src/gadgets/lookup.rs b/bellman/src/gadgets/lookup.rs index bde86e2ba..d7fb30151 100644 --- a/bellman/src/gadgets/lookup.rs +++ b/bellman/src/gadgets/lookup.rs @@ -1,7 +1,6 @@ //! Window table lookup gadgets. -use ff::{Field, ScalarEngine}; -use std::ops::{AddAssign, Neg}; +use ff::PrimeField; use super::boolean::Boolean; use super::num::{AllocatedNum, Num}; @@ -9,9 +8,9 @@ use super::*; use crate::ConstraintSystem; // Synthesize the constants for each base pattern. -fn synth<'a, E: ScalarEngine, I>(window_size: usize, constants: I, assignment: &mut [E::Fr]) +fn synth<'a, Scalar: PrimeField, I>(window_size: usize, constants: I, assignment: &mut [Scalar]) where - I: IntoIterator, + I: IntoIterator, { assert_eq!(assignment.len(), 1 << window_size); @@ -29,13 +28,13 @@ where /// Performs a 3-bit window table lookup. `bits` is in /// little-endian order. -pub fn lookup3_xy( +pub fn lookup3_xy( mut cs: CS, bits: &[Boolean], - coords: &[(E::Fr, E::Fr)], -) -> Result<(AllocatedNum, AllocatedNum), SynthesisError> + coords: &[(Scalar, Scalar)], +) -> Result<(AllocatedNum, AllocatedNum), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { assert_eq!(bits.len(), 3); assert_eq!(coords.len(), 8); @@ -69,10 +68,10 @@ where let res_y = AllocatedNum::alloc(cs.namespace(|| "y"), || Ok(coords[*i.get()?].1))?; // Compute the coefficients for the lookup constraints - let mut x_coeffs = [E::Fr::zero(); 8]; - let mut y_coeffs = [E::Fr::zero(); 8]; - synth::(3, coords.iter().map(|c| &c.0), &mut x_coeffs); - synth::(3, coords.iter().map(|c| &c.1), &mut y_coeffs); + let mut x_coeffs = [Scalar::zero(); 8]; + let mut y_coeffs = [Scalar::zero(); 8]; + synth::(3, coords.iter().map(|c| &c.0), &mut x_coeffs); + synth::(3, coords.iter().map(|c| &c.1), &mut y_coeffs); let precomp = Boolean::and(cs.namespace(|| "precomp"), &bits[1], &bits[2])?; @@ -82,17 +81,17 @@ where || "x-coordinate lookup", |lc| { lc + (x_coeffs[0b001], one) - + &bits[1].lc::(one, x_coeffs[0b011]) - + &bits[2].lc::(one, x_coeffs[0b101]) - + &precomp.lc::(one, x_coeffs[0b111]) + + &bits[1].lc::(one, x_coeffs[0b011]) + + &bits[2].lc::(one, x_coeffs[0b101]) + + &precomp.lc::(one, x_coeffs[0b111]) }, - |lc| lc + &bits[0].lc::(one, E::Fr::one()), + |lc| lc + &bits[0].lc::(one, Scalar::one()), |lc| { lc + res_x.get_variable() - (x_coeffs[0b000], one) - - &bits[1].lc::(one, x_coeffs[0b010]) - - &bits[2].lc::(one, x_coeffs[0b100]) - - &precomp.lc::(one, x_coeffs[0b110]) + - &bits[1].lc::(one, x_coeffs[0b010]) + - &bits[2].lc::(one, x_coeffs[0b100]) + - &precomp.lc::(one, x_coeffs[0b110]) }, ); @@ -100,17 +99,17 @@ where || "y-coordinate lookup", |lc| { lc + (y_coeffs[0b001], one) - + &bits[1].lc::(one, y_coeffs[0b011]) - + &bits[2].lc::(one, y_coeffs[0b101]) - + &precomp.lc::(one, y_coeffs[0b111]) + + &bits[1].lc::(one, y_coeffs[0b011]) + + &bits[2].lc::(one, y_coeffs[0b101]) + + &precomp.lc::(one, y_coeffs[0b111]) }, - |lc| lc + &bits[0].lc::(one, E::Fr::one()), + |lc| lc + &bits[0].lc::(one, Scalar::one()), |lc| { lc + res_y.get_variable() - (y_coeffs[0b000], one) - - &bits[1].lc::(one, y_coeffs[0b010]) - - &bits[2].lc::(one, y_coeffs[0b100]) - - &precomp.lc::(one, y_coeffs[0b110]) + - &bits[1].lc::(one, y_coeffs[0b010]) + - &bits[2].lc::(one, y_coeffs[0b100]) + - &precomp.lc::(one, y_coeffs[0b110]) }, ); @@ -119,13 +118,13 @@ where /// Performs a 3-bit window table lookup, where /// one of the bits is a sign bit. -pub fn lookup3_xy_with_conditional_negation( +pub fn lookup3_xy_with_conditional_negation( mut cs: CS, bits: &[Boolean], - coords: &[(E::Fr, E::Fr)], -) -> Result<(Num, Num), SynthesisError> + coords: &[(Scalar, Scalar)], +) -> Result<(Num, Num), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { assert_eq!(bits.len(), 3); assert_eq!(coords.len(), 4); @@ -158,10 +157,10 @@ where let one = CS::one(); // Compute the coefficients for the lookup constraints - let mut x_coeffs = [E::Fr::zero(); 4]; - let mut y_coeffs = [E::Fr::zero(); 4]; - synth::(2, coords.iter().map(|c| &c.0), &mut x_coeffs); - synth::(2, coords.iter().map(|c| &c.1), &mut y_coeffs); + let mut x_coeffs = [Scalar::zero(); 4]; + let mut y_coeffs = [Scalar::zero(); 4]; + synth::(2, coords.iter().map(|c| &c.0), &mut x_coeffs); + synth::(2, coords.iter().map(|c| &c.1), &mut y_coeffs); let precomp = Boolean::and(cs.namespace(|| "precomp"), &bits[0], &bits[1])?; @@ -171,15 +170,15 @@ where .add_bool_with_coeff(one, &bits[1], x_coeffs[0b10]) .add_bool_with_coeff(one, &precomp, x_coeffs[0b11]); - let y_lc = precomp.lc::(one, y_coeffs[0b11]) - + &bits[1].lc::(one, y_coeffs[0b10]) - + &bits[0].lc::(one, y_coeffs[0b01]) + let y_lc = precomp.lc::(one, y_coeffs[0b11]) + + &bits[1].lc::(one, y_coeffs[0b10]) + + &bits[0].lc::(one, y_coeffs[0b01]) + (y_coeffs[0b00], one); cs.enforce( || "y-coordinate lookup", |lc| lc + &y_lc + &y_lc, - |lc| lc + &bits[2].lc::(one, E::Fr::one()), + |lc| lc + &bits[2].lc::(one, Scalar::one()), |lc| lc + &y_lc - y.get_variable(), ); @@ -191,9 +190,12 @@ mod test { use super::*; use crate::gadgets::boolean::{AllocatedBit, Boolean}; use crate::gadgets::test::*; - use pairing::bls12_381::{Bls12, Fr}; + + use ff::Field; + use pairing::bls12_381::Fr; use rand_core::{RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; + use std::ops::{AddAssign, Neg}; #[test] fn test_lookup3_xy() { @@ -203,7 +205,7 @@ mod test { ]); for _ in 0..100 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let a_val = rng.next_u32() % 2 != 0; let a = Boolean::from(AllocatedBit::alloc(cs.namespace(|| "a"), Some(a_val)).unwrap()); @@ -248,7 +250,7 @@ mod test { ]); for _ in 0..100 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let a_val = rng.next_u32() % 2 != 0; let a = Boolean::from(AllocatedBit::alloc(cs.namespace(|| "a"), Some(a_val)).unwrap()); @@ -300,7 +302,7 @@ mod test { .map(|_| Fr::random(&mut rng)) .collect(); - synth::(window_size, &constants, &mut assignment); + synth(window_size, &constants, &mut assignment); for b in 0..(1 << window_size) { let mut acc = Fr::zero(); diff --git a/bellman/src/gadgets/multieq.rs b/bellman/src/gadgets/multieq.rs index 37b2d9429..b2bc151cb 100644 --- a/bellman/src/gadgets/multieq.rs +++ b/bellman/src/gadgets/multieq.rs @@ -1,16 +1,16 @@ -use ff::{Field, PrimeField, ScalarEngine}; +use ff::PrimeField; use crate::{ConstraintSystem, LinearCombination, SynthesisError, Variable}; -pub struct MultiEq> { +pub struct MultiEq> { cs: CS, ops: usize, bits_used: usize, - lhs: LinearCombination, - rhs: LinearCombination, + lhs: LinearCombination, + rhs: LinearCombination, } -impl> MultiEq { +impl> MultiEq { pub fn new(cs: CS) -> Self { MultiEq { cs, @@ -40,17 +40,17 @@ impl> MultiEq { pub fn enforce_equal( &mut self, num_bits: usize, - lhs: &LinearCombination, - rhs: &LinearCombination, + lhs: &LinearCombination, + rhs: &LinearCombination, ) { // Check if we will exceed the capacity - if (E::Fr::CAPACITY as usize) <= (self.bits_used + num_bits) { + if (Scalar::CAPACITY as usize) <= (self.bits_used + num_bits) { self.accumulate(); } - assert!((E::Fr::CAPACITY as usize) > (self.bits_used + num_bits)); + assert!((Scalar::CAPACITY as usize) > (self.bits_used + num_bits)); - let coeff = E::Fr::from_str("2") + let coeff = Scalar::from_str("2") .unwrap() .pow_vartime(&[self.bits_used as u64]); self.lhs = self.lhs.clone() + (coeff, lhs); @@ -59,7 +59,7 @@ impl> MultiEq { } } -impl> Drop for MultiEq { +impl> Drop for MultiEq { fn drop(&mut self) { if self.bits_used > 0 { self.accumulate(); @@ -67,7 +67,9 @@ impl> Drop for MultiEq { } } -impl> ConstraintSystem for MultiEq { +impl> ConstraintSystem + for MultiEq +{ type Root = Self; fn one() -> Variable { @@ -76,7 +78,7 @@ impl> ConstraintSystem for MultiEq(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -85,7 +87,7 @@ impl> ConstraintSystem for MultiEq(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -96,9 +98,9 @@ impl> ConstraintSystem for MultiEq AR, AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { self.cs.enforce(annotation, a, b, c) } diff --git a/bellman/src/gadgets/multipack.rs b/bellman/src/gadgets/multipack.rs index 8ee6a1546..b4df2eeab 100644 --- a/bellman/src/gadgets/multipack.rs +++ b/bellman/src/gadgets/multipack.rs @@ -4,19 +4,18 @@ use super::boolean::Boolean; use super::num::Num; use super::Assignment; use crate::{ConstraintSystem, SynthesisError}; -use ff::{Field, PrimeField, ScalarEngine}; -use std::ops::AddAssign; +use ff::PrimeField; /// Takes a sequence of booleans and exposes them as compact /// public inputs -pub fn pack_into_inputs(mut cs: CS, bits: &[Boolean]) -> Result<(), SynthesisError> +pub fn pack_into_inputs(mut cs: CS, bits: &[Boolean]) -> Result<(), SynthesisError> where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { - for (i, bits) in bits.chunks(E::Fr::CAPACITY as usize).enumerate() { - let mut num = Num::::zero(); - let mut coeff = E::Fr::one(); + for (i, bits) in bits.chunks(Scalar::CAPACITY as usize).enumerate() { + let mut num = Num::::zero(); + let mut coeff = Scalar::one(); for bit in bits { num = num.add_bool_with_coeff(CS::one(), bit, coeff); @@ -28,7 +27,7 @@ where // num * 1 = input cs.enforce( || format!("packing constraint {}", i), - |_| num.lc(E::Fr::one()), + |_| num.lc(Scalar::one()), |lc| lc + CS::one(), |lc| lc + input, ); @@ -51,12 +50,12 @@ pub fn bytes_to_bits_le(bytes: &[u8]) -> Vec { .collect() } -pub fn compute_multipacking(bits: &[bool]) -> Vec { +pub fn compute_multipacking(bits: &[bool]) -> Vec { let mut result = vec![]; - for bits in bits.chunks(E::Fr::CAPACITY as usize) { - let mut cur = E::Fr::zero(); - let mut coeff = E::Fr::one(); + for bits in bits.chunks(Scalar::CAPACITY as usize) { + let mut cur = Scalar::zero(); + let mut coeff = Scalar::one(); for bit in bits { if *bit { @@ -75,7 +74,7 @@ pub fn compute_multipacking(bits: &[bool]) -> Vec { #[test] fn test_multipacking() { use crate::ConstraintSystem; - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use rand_core::{RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; @@ -88,7 +87,7 @@ fn test_multipacking() { ]); for num_bits in 0..1500 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let bits: Vec = (0..num_bits).map(|_| rng.next_u32() % 2 != 0).collect(); @@ -102,7 +101,7 @@ fn test_multipacking() { }) .collect::>(); - let expected_inputs = compute_multipacking::(&bits); + let expected_inputs = compute_multipacking(&bits); pack_into_inputs(cs.namespace(|| "pack"), &circuit_bits).unwrap(); diff --git a/bellman/src/gadgets/num.rs b/bellman/src/gadgets/num.rs index 236689d2b..7f94d93ea 100644 --- a/bellman/src/gadgets/num.rs +++ b/bellman/src/gadgets/num.rs @@ -1,7 +1,6 @@ //! Gadgets representing numbers in the scalar field of the underlying curve. -use ff::{BitIterator, Field, PrimeField, ScalarEngine}; -use std::ops::{AddAssign, MulAssign}; +use ff::{BitIterator, PrimeField}; use crate::{ConstraintSystem, LinearCombination, SynthesisError, Variable}; @@ -9,12 +8,12 @@ use super::Assignment; use super::boolean::{self, AllocatedBit, Boolean}; -pub struct AllocatedNum { - value: Option, +pub struct AllocatedNum { + value: Option, variable: Variable, } -impl Clone for AllocatedNum { +impl Clone for AllocatedNum { fn clone(&self) -> Self { AllocatedNum { value: self.value, @@ -23,11 +22,11 @@ impl Clone for AllocatedNum { } } -impl AllocatedNum { +impl AllocatedNum { pub fn alloc(mut cs: CS, value: F) -> Result where - CS: ConstraintSystem, - F: FnOnce() -> Result, + CS: ConstraintSystem, + F: FnOnce() -> Result, { let mut new_value = None; let var = cs.alloc( @@ -49,7 +48,7 @@ impl AllocatedNum { pub fn inputize(&self, mut cs: CS) -> Result<(), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { let input = cs.alloc_input(|| "input variable", || Ok(*self.value.get()?))?; @@ -70,15 +69,15 @@ impl AllocatedNum { /// congruency is not allowed.) pub fn to_bits_le_strict(&self, mut cs: CS) -> Result, SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { - pub fn kary_and( + pub fn kary_and( mut cs: CS, v: &[AllocatedBit], ) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { assert!(!v.is_empty()); @@ -104,7 +103,7 @@ impl AllocatedNum { // We want to ensure that the bit representation of a is // less than or equal to r - 1. let mut a = self.value.map(|e| BitIterator::::new(e.to_repr())); - let b = (-E::Fr::one()).to_repr(); + let b = (-Scalar::one()).to_repr(); let mut result = vec![]; @@ -171,7 +170,7 @@ impl AllocatedNum { // However, now we have to unpack self! let mut lc = LinearCombination::zero(); - let mut coeff = E::Fr::one(); + let mut coeff = Scalar::one(); for bit in result.iter().rev() { lc = lc + (coeff, bit.get_variable()); @@ -192,12 +191,12 @@ impl AllocatedNum { /// "in the field." pub fn to_bits_le(&self, mut cs: CS) -> Result, SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { let bits = boolean::field_into_allocated_bits_le(&mut cs, self.value)?; let mut lc = LinearCombination::zero(); - let mut coeff = E::Fr::one(); + let mut coeff = Scalar::one(); for bit in bits.iter() { lc = lc + (coeff, bit.get_variable()); @@ -214,7 +213,7 @@ impl AllocatedNum { pub fn mul(&self, mut cs: CS, other: &Self) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { let mut value = None; @@ -246,7 +245,7 @@ impl AllocatedNum { pub fn square(&self, mut cs: CS) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { let mut value = None; @@ -277,7 +276,7 @@ impl AllocatedNum { pub fn assert_nonzero(&self, mut cs: CS) -> Result<(), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { let inv = cs.alloc( || "ephemeral inverse", @@ -315,7 +314,7 @@ impl AllocatedNum { condition: &Boolean, ) -> Result<(Self, Self), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { let c = Self::alloc(cs.namespace(|| "conditional reversal result 1"), || { if *condition.get_value().get()? { @@ -328,7 +327,7 @@ impl AllocatedNum { cs.enforce( || "first conditional reversal", |lc| lc + a.variable - b.variable, - |_| condition.lc(CS::one(), E::Fr::one()), + |_| condition.lc(CS::one(), Scalar::one()), |lc| lc + a.variable - c.variable, ); @@ -343,14 +342,14 @@ impl AllocatedNum { cs.enforce( || "second conditional reversal", |lc| lc + b.variable - a.variable, - |_| condition.lc(CS::one(), E::Fr::one()), + |_| condition.lc(CS::one(), Scalar::one()), |lc| lc + b.variable - d.variable, ); Ok((c, d)) } - pub fn get_value(&self) -> Option { + pub fn get_value(&self) -> Option { self.value } @@ -359,37 +358,37 @@ impl AllocatedNum { } } -pub struct Num { - value: Option, - lc: LinearCombination, +pub struct Num { + value: Option, + lc: LinearCombination, } -impl From> for Num { - fn from(num: AllocatedNum) -> Num { +impl From> for Num { + fn from(num: AllocatedNum) -> Num { Num { value: num.value, - lc: LinearCombination::::zero() + num.variable, + lc: LinearCombination::::zero() + num.variable, } } } -impl Num { +impl Num { pub fn zero() -> Self { Num { - value: Some(E::Fr::zero()), + value: Some(Scalar::zero()), lc: LinearCombination::zero(), } } - pub fn get_value(&self) -> Option { + pub fn get_value(&self) -> Option { self.value } - pub fn lc(&self, coeff: E::Fr) -> LinearCombination { + pub fn lc(&self, coeff: Scalar) -> LinearCombination { LinearCombination::zero() + (coeff, &self.lc) } - pub fn add_bool_with_coeff(self, one: Variable, bit: &Boolean, coeff: E::Fr) -> Self { + pub fn add_bool_with_coeff(self, one: Variable, bit: &Boolean, coeff: Scalar) -> Self { let newval = match (self.value, bit.get_value()) { (Some(mut curval), Some(bval)) => { if bval { @@ -412,7 +411,7 @@ impl Num { mod test { use crate::ConstraintSystem; use ff::{BitIterator, Field, PrimeField}; - use pairing::bls12_381::{Bls12, Fr}; + use pairing::bls12_381::Fr; use rand_core::SeedableRng; use rand_xorshift::XorShiftRng; use std::ops::{Neg, SubAssign}; @@ -422,7 +421,7 @@ mod test { #[test] fn test_allocated_num() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); AllocatedNum::alloc(&mut cs, || Ok(Fr::one())).unwrap(); @@ -431,7 +430,7 @@ mod test { #[test] fn test_num_squaring() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let n = AllocatedNum::alloc(&mut cs, || Ok(Fr::from_str("3").unwrap())).unwrap(); let n2 = n.square(&mut cs).unwrap(); @@ -445,7 +444,7 @@ mod test { #[test] fn test_num_multiplication() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let n = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::from_str("12").unwrap())).unwrap(); @@ -467,7 +466,7 @@ mod test { 0xbc, 0xe5, ]); { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::random(&mut rng))).unwrap(); let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::random(&mut rng))).unwrap(); @@ -481,7 +480,7 @@ mod test { } { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let a = AllocatedNum::alloc(cs.namespace(|| "a"), || Ok(Fr::random(&mut rng))).unwrap(); let b = AllocatedNum::alloc(cs.namespace(|| "b"), || Ok(Fr::random(&mut rng))).unwrap(); @@ -498,7 +497,7 @@ mod test { #[test] fn test_num_nonzero() { { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let n = AllocatedNum::alloc(&mut cs, || Ok(Fr::from_str("3").unwrap())).unwrap(); n.assert_nonzero(&mut cs).unwrap(); @@ -508,7 +507,7 @@ mod test { assert!(cs.which_is_unsatisfied() == Some("nonzero assertion constraint")); } { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let n = AllocatedNum::alloc(&mut cs, || Ok(Fr::zero())).unwrap(); assert!(n.assert_nonzero(&mut cs).is_err()); @@ -519,7 +518,7 @@ mod test { fn test_into_bits_strict() { let negone = Fr::one().neg(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let n = AllocatedNum::alloc(&mut cs, || Ok(negone)).unwrap(); n.to_bits_le_strict(&mut cs).unwrap(); @@ -545,7 +544,7 @@ mod test { for i in 0..200 { let r = Fr::random(&mut rng); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let n = AllocatedNum::alloc(&mut cs, || Ok(r)).unwrap(); diff --git a/bellman/src/gadgets/sha256.rs b/bellman/src/gadgets/sha256.rs index 1be898e0d..2db3e6ce1 100644 --- a/bellman/src/gadgets/sha256.rs +++ b/bellman/src/gadgets/sha256.rs @@ -7,7 +7,7 @@ use super::boolean::Boolean; use super::multieq::MultiEq; use super::uint32::UInt32; use crate::{ConstraintSystem, SynthesisError}; -use ff::ScalarEngine; +use ff::PrimeField; #[allow(clippy::unreadable_literal)] const ROUND_CONSTANTS: [u32; 64] = [ @@ -26,13 +26,13 @@ const IV: [u32; 8] = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19, ]; -pub fn sha256_block_no_padding( +pub fn sha256_block_no_padding( mut cs: CS, input: &[Boolean], ) -> Result, SynthesisError> where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { assert_eq!(input.len(), 512); @@ -44,10 +44,10 @@ where ) } -pub fn sha256(mut cs: CS, input: &[Boolean]) -> Result, SynthesisError> +pub fn sha256(mut cs: CS, input: &[Boolean]) -> Result, SynthesisError> where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { assert!(input.len() % 8 == 0); @@ -77,14 +77,14 @@ fn get_sha256_iv() -> Vec { IV.iter().map(|&v| UInt32::constant(v)).collect() } -fn sha256_compression_function( +fn sha256_compression_function( cs: CS, input: &[Boolean], current_hash_value: &[UInt32], ) -> Result, SynthesisError> where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { assert_eq!(input.len(), 512); assert_eq!(current_hash_value.len(), 8); @@ -128,11 +128,11 @@ where } impl Maybe { - fn compute(self, cs: M, others: &[UInt32]) -> Result + fn compute(self, cs: M, others: &[UInt32]) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, - M: ConstraintSystem>, + Scalar: PrimeField, + CS: ConstraintSystem, + M: ConstraintSystem>, { Ok(match self { Maybe::Concrete(ref v) => return Ok(v.clone()), @@ -274,7 +274,7 @@ mod test { use crate::gadgets::boolean::AllocatedBit; use crate::gadgets::test::TestConstraintSystem; use hex_literal::hex; - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use rand_core::{RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; @@ -282,7 +282,7 @@ mod test { fn test_blank_hash() { let iv = get_sha256_iv(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut input_bits: Vec<_> = (0..512).map(|_| Boolean::Constant(false)).collect(); input_bits[0] = Boolean::Constant(true); let out = sha256_compression_function(&mut cs, &input_bits, &iv).unwrap(); @@ -312,7 +312,7 @@ mod test { let iv = get_sha256_iv(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let input_bits: Vec<_> = (0..512) .map(|i| { Boolean::from( @@ -346,7 +346,7 @@ mod test { h.input(&data); let hash_result = h.result(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let mut input_bits = vec![]; for (byte_i, input_byte) in data.into_iter().enumerate() { diff --git a/bellman/src/gadgets/test/mod.rs b/bellman/src/gadgets/test/mod.rs index be7214ea2..c1395b10b 100644 --- a/bellman/src/gadgets/test/mod.rs +++ b/bellman/src/gadgets/test/mod.rs @@ -1,12 +1,11 @@ //! Helpers for testing circuit implementations. -use ff::{Endianness, Field, PrimeField, ScalarEngine}; +use ff::{Endianness, PrimeField}; use crate::{ConstraintSystem, Index, LinearCombination, SynthesisError, Variable}; use std::collections::HashMap; use std::fmt::Write; -use std::ops::{AddAssign, MulAssign, Neg}; use byteorder::{BigEndian, ByteOrder}; use std::cmp::Ordering; @@ -22,17 +21,17 @@ enum NamedObject { } /// Constraint system for testing purposes. -pub struct TestConstraintSystem { +pub struct TestConstraintSystem { named_objects: HashMap, current_namespace: Vec, constraints: Vec<( - LinearCombination, - LinearCombination, - LinearCombination, + LinearCombination, + LinearCombination, + LinearCombination, String, )>, - inputs: Vec<(E::Fr, String)>, - aux: Vec<(E::Fr, String)>, + inputs: Vec<(Scalar, String)>, + aux: Vec<(Scalar, String)>, } #[derive(Clone, Copy)] @@ -64,11 +63,11 @@ impl Ord for OrderedVariable { } } -fn proc_lc(terms: &[(Variable, E::Fr)]) -> BTreeMap { +fn proc_lc(terms: &[(Variable, Scalar)]) -> BTreeMap { let mut map = BTreeMap::new(); for &(var, coeff) in terms { map.entry(OrderedVariable(var)) - .or_insert_with(E::Fr::zero) + .or_insert_with(Scalar::zero) .add_assign(&coeff); } @@ -87,8 +86,8 @@ fn proc_lc(terms: &[(Variable, E::Fr)]) -> BTreeMap(terms: &[(Variable, E::Fr)], h: &mut Blake2sState) { - let map = proc_lc::(terms); +fn hash_lc(terms: &[(Variable, Scalar)], h: &mut Blake2sState) { + let map = proc_lc::(terms); let mut buf = [0u8; 9 + 32]; BigEndian::write_u64(&mut buf[0..8], map.len() as u64); @@ -107,7 +106,7 @@ fn hash_lc(terms: &[(Variable, E::Fr)], h: &mut Blake2sState) { } let mut coeff_repr = coeff.to_repr(); - ::ReprEndianness::toggle_little_endian(&mut coeff_repr); + ::ReprEndianness::toggle_little_endian(&mut coeff_repr); let coeff_be: Vec<_> = coeff_repr.as_ref().iter().cloned().rev().collect(); buf[9..].copy_from_slice(&coeff_be[..]); @@ -115,12 +114,12 @@ fn hash_lc(terms: &[(Variable, E::Fr)], h: &mut Blake2sState) { } } -fn eval_lc( - terms: &[(Variable, E::Fr)], - inputs: &[(E::Fr, String)], - aux: &[(E::Fr, String)], -) -> E::Fr { - let mut acc = E::Fr::zero(); +fn eval_lc( + terms: &[(Variable, Scalar)], + inputs: &[(Scalar, String)], + aux: &[(Scalar, String)], +) -> Scalar { + let mut acc = Scalar::zero(); for &(var, ref coeff) in terms { let mut tmp = match var.get_unchecked() { @@ -128,26 +127,26 @@ fn eval_lc( Index::Aux(index) => aux[index].0, }; - tmp.mul_assign(&coeff); + tmp.mul_assign(coeff); acc.add_assign(&tmp); } acc } -impl TestConstraintSystem { - pub fn new() -> TestConstraintSystem { +impl TestConstraintSystem { + pub fn new() -> TestConstraintSystem { let mut map = HashMap::new(); map.insert( "ONE".into(), - NamedObject::Var(TestConstraintSystem::::one()), + NamedObject::Var(TestConstraintSystem::::one()), ); TestConstraintSystem { named_objects: map, current_namespace: vec![], constraints: vec![], - inputs: vec![(E::Fr::one(), "ONE".into())], + inputs: vec![(Scalar::one(), "ONE".into())], aux: vec![], } } @@ -155,16 +154,16 @@ impl TestConstraintSystem { pub fn pretty_print(&self) -> String { let mut s = String::new(); - let negone = E::Fr::one().neg(); + let negone = Scalar::one().neg(); - let powers_of_two = (0..E::Fr::NUM_BITS) - .map(|i| E::Fr::from_str("2").unwrap().pow_vartime(&[u64::from(i)])) + let powers_of_two = (0..Scalar::NUM_BITS) + .map(|i| Scalar::from_str("2").unwrap().pow_vartime(&[u64::from(i)])) .collect::>(); - let pp = |s: &mut String, lc: &LinearCombination| { + let pp = |s: &mut String, lc: &LinearCombination| { write!(s, "(").unwrap(); let mut is_first = true; - for (var, coeff) in proc_lc::(lc.as_ref()) { + for (var, coeff) in proc_lc::(lc.as_ref()) { if coeff == negone { write!(s, " - ").unwrap(); } else if !is_first { @@ -172,7 +171,7 @@ impl TestConstraintSystem { } is_first = false; - if coeff != E::Fr::one() && coeff != negone { + if coeff != Scalar::one() && coeff != negone { for (i, x) in powers_of_two.iter().enumerate() { if x == &coeff { write!(s, "2^{} . ", i).unwrap(); @@ -227,9 +226,9 @@ impl TestConstraintSystem { } for constraint in &self.constraints { - hash_lc::(constraint.0.as_ref(), &mut h); - hash_lc::(constraint.1.as_ref(), &mut h); - hash_lc::(constraint.2.as_ref(), &mut h); + hash_lc::(constraint.0.as_ref(), &mut h); + hash_lc::(constraint.1.as_ref(), &mut h); + hash_lc::(constraint.2.as_ref(), &mut h); } let mut s = String::new(); @@ -242,9 +241,9 @@ impl TestConstraintSystem { pub fn which_is_unsatisfied(&self) -> Option<&str> { for &(ref a, ref b, ref c, ref path) in &self.constraints { - let mut a = eval_lc::(a.as_ref(), &self.inputs, &self.aux); - let b = eval_lc::(b.as_ref(), &self.inputs, &self.aux); - let c = eval_lc::(c.as_ref(), &self.inputs, &self.aux); + let mut a = eval_lc::(a.as_ref(), &self.inputs, &self.aux); + let b = eval_lc::(b.as_ref(), &self.inputs, &self.aux); + let c = eval_lc::(c.as_ref(), &self.inputs, &self.aux); a.mul_assign(&b); @@ -264,7 +263,7 @@ impl TestConstraintSystem { self.constraints.len() } - pub fn set(&mut self, path: &str, to: E::Fr) { + pub fn set(&mut self, path: &str, to: Scalar) { match self.named_objects.get(path) { Some(&NamedObject::Var(ref v)) => match v.get_unchecked() { Index::Input(index) => self.inputs[index].0 = to, @@ -278,7 +277,7 @@ impl TestConstraintSystem { } } - pub fn verify(&self, expected: &[E::Fr]) -> bool { + pub fn verify(&self, expected: &[Scalar]) -> bool { assert_eq!(expected.len() + 1, self.inputs.len()); for (a, b) in self.inputs.iter().skip(1).zip(expected.iter()) { @@ -294,7 +293,7 @@ impl TestConstraintSystem { self.inputs.len() } - pub fn get_input(&mut self, index: usize, path: &str) -> E::Fr { + pub fn get_input(&mut self, index: usize, path: &str) -> Scalar { let (assignment, name) = self.inputs[index].clone(); assert_eq!(path, name); @@ -302,7 +301,7 @@ impl TestConstraintSystem { assignment } - pub fn get(&mut self, path: &str) -> E::Fr { + pub fn get(&mut self, path: &str) -> Scalar { match self.named_objects.get(path) { Some(&NamedObject::Var(ref v)) => match v.get_unchecked() { Index::Input(index) => self.inputs[index].0, @@ -345,12 +344,12 @@ fn compute_path(ns: &[String], this: String) -> String { name } -impl ConstraintSystem for TestConstraintSystem { +impl ConstraintSystem for TestConstraintSystem { type Root = Self; fn alloc(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -365,7 +364,7 @@ impl ConstraintSystem for TestConstraintSystem { fn alloc_input(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -382,9 +381,9 @@ impl ConstraintSystem for TestConstraintSystem { where A: FnOnce() -> AR, AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { let path = compute_path(&self.current_namespace, annotation().into()); let index = self.constraints.len(); @@ -419,10 +418,10 @@ impl ConstraintSystem for TestConstraintSystem { #[test] fn test_cs() { - use ff::PrimeField; - use pairing::bls12_381::{Bls12, Fr}; + use ff::{Field, PrimeField}; + use pairing::bls12_381::Fr; - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); assert!(cs.is_satisfied()); assert_eq!(cs.num_constraints(), 0); let a = cs @@ -443,7 +442,7 @@ fn test_cs() { cs.set("a/var", Fr::from_str("4").unwrap()); - let one = TestConstraintSystem::::one(); + let one = TestConstraintSystem::::one(); cs.enforce(|| "eq", |lc| lc + a, |lc| lc + one, |lc| lc + b); assert!(!cs.is_satisfied()); diff --git a/bellman/src/gadgets/uint32.rs b/bellman/src/gadgets/uint32.rs index 16bb65135..a040a2bd6 100644 --- a/bellman/src/gadgets/uint32.rs +++ b/bellman/src/gadgets/uint32.rs @@ -3,7 +3,7 @@ //! //! [`sha256`]: crate::gadgets::sha256 -use ff::{Field, PrimeField, ScalarEngine}; +use ff::PrimeField; use crate::{ConstraintSystem, LinearCombination, SynthesisError}; @@ -43,10 +43,10 @@ impl UInt32 { } /// Allocate a `UInt32` in the constraint system - pub fn alloc(mut cs: CS, value: Option) -> Result + pub fn alloc(mut cs: CS, value: Option) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let values = match value { Some(mut val) => { @@ -189,7 +189,7 @@ impl UInt32 { } } - fn triop( + fn triop( mut cs: CS, a: &Self, b: &Self, @@ -198,8 +198,8 @@ impl UInt32 { circuit_fn: U, ) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, F: Fn(u32, u32, u32) -> u32, U: Fn(&mut CS, usize, &Boolean, &Boolean, &Boolean) -> Result, { @@ -225,10 +225,15 @@ impl UInt32 { /// Compute the `maj` value (a and b) xor (a and c) xor (b and c) /// during SHA256. - pub fn sha256_maj(cs: CS, a: &Self, b: &Self, c: &Self) -> Result + pub fn sha256_maj( + cs: CS, + a: &Self, + b: &Self, + c: &Self, + ) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { Self::triop( cs, @@ -242,10 +247,15 @@ impl UInt32 { /// Compute the `ch` value `(a and b) xor ((not a) and c)` /// during SHA256. - pub fn sha256_ch(cs: CS, a: &Self, b: &Self, c: &Self) -> Result + pub fn sha256_ch( + cs: CS, + a: &Self, + b: &Self, + c: &Self, + ) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { Self::triop( cs, @@ -258,10 +268,10 @@ impl UInt32 { } /// XOR this `UInt32` with another `UInt32` - pub fn xor(&self, mut cs: CS, other: &Self) -> Result + pub fn xor(&self, mut cs: CS, other: &Self) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let new_value = match (self.value, other.value) { (Some(a), Some(b)) => Some(a ^ b), @@ -283,15 +293,15 @@ impl UInt32 { } /// Perform modular addition of several `UInt32` objects. - pub fn addmany(mut cs: M, operands: &[Self]) -> Result + pub fn addmany(mut cs: M, operands: &[Self]) -> Result where - E: ScalarEngine, - CS: ConstraintSystem, - M: ConstraintSystem>, + Scalar: PrimeField, + CS: ConstraintSystem, + M: ConstraintSystem>, { // Make some arbitrary bounds for ourselves to avoid overflows // in the scalar field - assert!(E::Fr::NUM_BITS >= 64); + assert!(Scalar::NUM_BITS >= 64); assert!(operands.len() >= 2); // Weird trivial cases that should never happen assert!(operands.len() <= 10); @@ -324,7 +334,7 @@ impl UInt32 { // Iterate over each bit of the operand and add the operand to // the linear combination - let mut coeff = E::Fr::one(); + let mut coeff = Scalar::one(); for bit in &op.bits { lc = lc + &bit.lc(CS::one(), coeff); @@ -352,7 +362,7 @@ impl UInt32 { let mut result_lc = LinearCombination::zero(); // Allocate each bit of the result - let mut coeff = E::Fr::one(); + let mut coeff = Scalar::one(); let mut i = 0; while max_value != 0 { // Allocate the bit @@ -392,7 +402,7 @@ mod test { use crate::gadgets::test::*; use crate::ConstraintSystem; use ff::Field; - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use rand_core::{RngCore, SeedableRng}; use rand_xorshift::XorShiftRng; @@ -474,7 +484,7 @@ mod test { ]); for _ in 0..1000 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = rng.next_u32(); let b = rng.next_u32(); @@ -519,7 +529,7 @@ mod test { ]); for _ in 0..1000 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = rng.next_u32(); let b = rng.next_u32(); @@ -562,7 +572,7 @@ mod test { ]); for _ in 0..1000 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = rng.next_u32(); let b = rng.next_u32(); @@ -675,7 +685,7 @@ mod test { ]); for _ in 0..1000 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = rng.next_u32(); let b = rng.next_u32(); @@ -719,7 +729,7 @@ mod test { ]); for _ in 0..1000 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let a = rng.next_u32(); let b = rng.next_u32(); diff --git a/bellman/src/groth16/generator.rs b/bellman/src/groth16/generator.rs index 7a0e1b0b9..060ff1bec 100644 --- a/bellman/src/groth16/generator.rs +++ b/bellman/src/groth16/generator.rs @@ -2,7 +2,7 @@ use rand_core::RngCore; use std::ops::{AddAssign, MulAssign}; use std::sync::Arc; -use ff::Field; +use ff::{Field, PrimeField}; use group::{CurveAffine, CurveProjective, Group, Wnaf}; use pairing::Engine; @@ -22,7 +22,7 @@ pub fn generate_random_parameters( ) -> Result, SynthesisError> where E: Engine, - C: Circuit, + C: Circuit, R: RngCore, { let g1 = E::G1::random(rng); @@ -38,24 +38,24 @@ where /// This is our assembly structure that we'll use to synthesize the /// circuit into a QAP. -struct KeypairAssembly { +struct KeypairAssembly { num_inputs: usize, num_aux: usize, num_constraints: usize, - at_inputs: Vec>, - bt_inputs: Vec>, - ct_inputs: Vec>, - at_aux: Vec>, - bt_aux: Vec>, - ct_aux: Vec>, + at_inputs: Vec>, + bt_inputs: Vec>, + ct_inputs: Vec>, + at_aux: Vec>, + bt_aux: Vec>, + ct_aux: Vec>, } -impl ConstraintSystem for KeypairAssembly { +impl ConstraintSystem for KeypairAssembly { type Root = Self; fn alloc(&mut self, _: A, _: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -74,7 +74,7 @@ impl ConstraintSystem for KeypairAssembly { fn alloc_input(&mut self, _: A, _: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -95,14 +95,14 @@ impl ConstraintSystem for KeypairAssembly { where A: FnOnce() -> AR, AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { - fn eval( - l: LinearCombination, - inputs: &mut [Vec<(E::Fr, usize)>], - aux: &mut [Vec<(E::Fr, usize)>], + fn eval( + l: LinearCombination, + inputs: &mut [Vec<(Scalar, usize)>], + aux: &mut [Vec<(Scalar, usize)>], this_constraint: usize, ) { for (index, coeff) in l.0 { @@ -165,7 +165,7 @@ pub fn generate_parameters( ) -> Result, SynthesisError> where E: Engine, - C: Circuit, + C: Circuit, { let mut assembly = KeypairAssembly { num_inputs: 0, @@ -192,7 +192,7 @@ where } // Create bases for blind evaluation of polynomials at tau - let powers_of_tau = vec![Scalar::(E::Fr::zero()); assembly.num_constraints]; + let powers_of_tau = vec![Scalar::(E::Fr::zero()); assembly.num_constraints]; let mut powers_of_tau = EvaluationDomain::from_coeffs(powers_of_tau)?; // Compute G1 window table @@ -302,7 +302,7 @@ where g2_wnaf: &Wnaf>, // Lagrange coefficients for tau - powers_of_tau: &[Scalar], + powers_of_tau: &[Scalar], // QAP polynomials at: &[Vec<(E::Fr, usize)>], @@ -362,11 +362,11 @@ where .zip(bt.iter()) .zip(ct.iter()) { - fn eval_at_tau( - powers_of_tau: &[Scalar], - p: &[(E::Fr, usize)], - ) -> E::Fr { - let mut acc = E::Fr::zero(); + fn eval_at_tau( + powers_of_tau: &[Scalar], + p: &[(S, usize)], + ) -> S { + let mut acc = S::zero(); for &(ref coeff, index) in p { let mut n = powers_of_tau[index].0; @@ -416,7 +416,7 @@ where } // Evaluate for inputs. - eval( + eval::( &g1_wnaf, &g2_wnaf, &powers_of_tau, @@ -434,7 +434,7 @@ where ); // Evaluate for auxiliary variables. - eval( + eval::( &g1_wnaf, &g2_wnaf, &powers_of_tau, diff --git a/bellman/src/groth16/mod.rs b/bellman/src/groth16/mod.rs index a5d8aa522..f9fb17d8b 100644 --- a/bellman/src/groth16/mod.rs +++ b/bellman/src/groth16/mod.rs @@ -479,20 +479,20 @@ mod test_with_bls12_381 { use super::*; use crate::{Circuit, ConstraintSystem, SynthesisError}; - use ff::Field; + use ff::{Field, PrimeField}; use pairing::bls12_381::{Bls12, Fr}; use rand::thread_rng; use std::ops::MulAssign; #[test] fn serialization() { - struct MySillyCircuit { - a: Option, - b: Option, + struct MySillyCircuit { + a: Option, + b: Option, } - impl Circuit for MySillyCircuit { - fn synthesize>( + impl Circuit for MySillyCircuit { + fn synthesize>( self, cs: &mut CS, ) -> Result<(), SynthesisError> { diff --git a/bellman/src/groth16/prover.rs b/bellman/src/groth16/prover.rs index 0052751e9..ff91c2675 100644 --- a/bellman/src/groth16/prover.rs +++ b/bellman/src/groth16/prover.rs @@ -4,7 +4,7 @@ use std::sync::Arc; use futures::Future; -use ff::Field; +use ff::{Field, PrimeField}; use group::{CurveAffine, CurveProjective}; use pairing::Engine; @@ -18,14 +18,14 @@ use crate::multiexp::{multiexp, DensityTracker, FullDensity}; use crate::multicore::Worker; -fn eval( - lc: &LinearCombination, +fn eval( + lc: &LinearCombination, mut input_density: Option<&mut DensityTracker>, mut aux_density: Option<&mut DensityTracker>, - input_assignment: &[E::Fr], - aux_assignment: &[E::Fr], -) -> E::Fr { - let mut acc = E::Fr::zero(); + input_assignment: &[S], + aux_assignment: &[S], +) -> S { + let mut acc = S::zero(); for &(index, coeff) in lc.0.iter() { let mut tmp; @@ -45,7 +45,7 @@ fn eval( } } - if coeff == E::Fr::one() { + if coeff == S::one() { acc.add_assign(&tmp); } else { tmp.mul_assign(&coeff); @@ -56,28 +56,28 @@ fn eval( acc } -struct ProvingAssignment { +struct ProvingAssignment { // Density of queries a_aux_density: DensityTracker, b_input_density: DensityTracker, b_aux_density: DensityTracker, // Evaluations of A, B, C polynomials - a: Vec>, - b: Vec>, - c: Vec>, + a: Vec>, + b: Vec>, + c: Vec>, // Assignments of variables - input_assignment: Vec, - aux_assignment: Vec, + input_assignment: Vec, + aux_assignment: Vec, } -impl ConstraintSystem for ProvingAssignment { +impl ConstraintSystem for ProvingAssignment { type Root = Self; fn alloc(&mut self, _: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -90,7 +90,7 @@ impl ConstraintSystem for ProvingAssignment { fn alloc_input(&mut self, _: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -104,9 +104,9 @@ impl ConstraintSystem for ProvingAssignment { where A: FnOnce() -> AR, AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { let a = a(LinearCombination::zero()); let b = b(LinearCombination::zero()); @@ -166,7 +166,7 @@ pub fn create_random_proof>( ) -> Result, SynthesisError> where E: Engine, - C: Circuit, + C: Circuit, R: RngCore, { let r = E::Fr::random(rng); @@ -183,7 +183,7 @@ pub fn create_proof>( ) -> Result, SynthesisError> where E: Engine, - C: Circuit, + C: Circuit, { let mut prover = ProvingAssignment { a_aux_density: DensityTracker::new(), diff --git a/bellman/src/groth16/tests/dummy_engine.rs b/bellman/src/groth16/tests/dummy_engine.rs index 5686c95c4..bf3bb035a 100644 --- a/bellman/src/groth16/tests/dummy_engine.rs +++ b/bellman/src/groth16/tests/dummy_engine.rs @@ -1,4 +1,4 @@ -use ff::{Field, PrimeField, ScalarEngine}; +use ff::{Field, PrimeField}; use group::{CurveAffine, CurveProjective, Group, PrimeGroup}; use pairing::{Engine, PairingCurveAffine}; @@ -324,11 +324,8 @@ impl PrimeField for Fr { #[derive(Clone)] pub struct DummyEngine; -impl ScalarEngine for DummyEngine { - type Fr = Fr; -} - impl Engine for DummyEngine { + type Fr = Fr; type G1 = Fr; type G1Affine = Fr; type G2 = Fr; diff --git a/bellman/src/groth16/tests/mod.rs b/bellman/src/groth16/tests/mod.rs index 276738c85..8038e1721 100644 --- a/bellman/src/groth16/tests/mod.rs +++ b/bellman/src/groth16/tests/mod.rs @@ -1,5 +1,4 @@ use ff::{Field, PrimeField}; -use pairing::Engine; mod dummy_engine; use self::dummy_engine::*; @@ -11,22 +10,22 @@ use crate::{Circuit, ConstraintSystem, SynthesisError}; use super::{create_proof, generate_parameters, prepare_verifying_key, verify_proof}; -struct XORDemo { +struct XORDemo { a: Option, b: Option, - _marker: PhantomData, + _marker: PhantomData, } -impl Circuit for XORDemo { - fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { +impl Circuit for XORDemo { + fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { let a_var = cs.alloc( || "a", || { if self.a.is_some() { if self.a.unwrap() { - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } } else { Err(SynthesisError::AssignmentMissing) @@ -46,9 +45,9 @@ impl Circuit for XORDemo { || { if self.b.is_some() { if self.b.unwrap() { - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } } else { Err(SynthesisError::AssignmentMissing) @@ -68,9 +67,9 @@ impl Circuit for XORDemo { || { if self.a.is_some() && self.b.is_some() { if self.a.unwrap() ^ self.b.unwrap() { - Ok(E::Fr::one()) + Ok(Scalar::one()) } else { - Ok(E::Fr::zero()) + Ok(Scalar::zero()) } } else { Err(SynthesisError::AssignmentMissing) @@ -100,13 +99,13 @@ fn test_xordemo() { let tau = Fr::from_str("3673").unwrap(); let params = { - let c = XORDemo:: { + let c = XORDemo { a: None, b: None, _marker: PhantomData, }; - generate_parameters(c, g1, g2, alpha, beta, gamma, delta, tau).unwrap() + generate_parameters::(c, g1, g2, alpha, beta, gamma, delta, tau).unwrap() }; // This will synthesize the constraint system: diff --git a/bellman/src/lib.rs b/bellman/src/lib.rs index 4c6c7eaf8..6412a928b 100644 --- a/bellman/src/lib.rs +++ b/bellman/src/lib.rs @@ -22,12 +22,13 @@ //! }, //! groth16, Circuit, ConstraintSystem, SynthesisError, //! }; +//! use ff::PrimeField; //! use pairing::{bls12_381::Bls12, Engine}; //! use rand::rngs::OsRng; //! use sha2::{Digest, Sha256}; //! //! /// Our own SHA-256d gadget. Input and output are in little-endian bit order. -//! fn sha256d>( +//! fn sha256d>( //! mut cs: CS, //! data: &[Boolean], //! ) -> Result, SynthesisError> { @@ -57,8 +58,8 @@ //! preimage: Option<[u8; 80]>, //! } //! -//! impl Circuit for MyCircuit { -//! fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { +//! impl Circuit for MyCircuit { +//! fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { //! // Compute the values for the bits of the preimage. If we are verifying a proof, //! // we still need to create the same constraints, so we return an equivalent-size //! // Vec of None (indicating that the value of each bit is unknown). @@ -118,7 +119,7 @@ //! //! // Pack the hash as inputs for proof verification. //! let hash_bits = multipack::bytes_to_bits_le(&hash); -//! let inputs = multipack::compute_multipacking::(&hash_bits); +//! let inputs = multipack::compute_multipacking(&hash_bits); //! //! // Check the proof! //! assert!(groth16::verify_proof(&pvk, &proof, &inputs).unwrap()); @@ -142,21 +143,21 @@ pub mod groth16; pub mod multicore; mod multiexp; -use ff::{Field, ScalarEngine}; +use ff::PrimeField; use std::error::Error; use std::fmt; use std::io; use std::marker::PhantomData; -use std::ops::{Add, MulAssign, Neg, Sub}; +use std::ops::{Add, Sub}; /// Computations are expressed in terms of arithmetic circuits, in particular /// rank-1 quadratic constraint systems. The `Circuit` trait represents a /// circuit that can be synthesized. The `synthesize` method is called during /// CRS generation and during proving. -pub trait Circuit { +pub trait Circuit { /// Synthesize the circuit into a rank-1 quadratic constraint system - fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError>; + fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError>; } /// Represents a variable in our constraint system. @@ -188,59 +189,59 @@ pub enum Index { /// This represents a linear combination of some variables, with coefficients /// in the scalar field of a pairing-friendly elliptic curve group. #[derive(Clone)] -pub struct LinearCombination(Vec<(Variable, E::Fr)>); +pub struct LinearCombination(Vec<(Variable, Scalar)>); -impl AsRef<[(Variable, E::Fr)]> for LinearCombination { - fn as_ref(&self) -> &[(Variable, E::Fr)] { +impl AsRef<[(Variable, Scalar)]> for LinearCombination { + fn as_ref(&self) -> &[(Variable, Scalar)] { &self.0 } } -impl LinearCombination { - pub fn zero() -> LinearCombination { +impl LinearCombination { + pub fn zero() -> LinearCombination { LinearCombination(vec![]) } } -impl Add<(E::Fr, Variable)> for LinearCombination { - type Output = LinearCombination; +impl Add<(Scalar, Variable)> for LinearCombination { + type Output = LinearCombination; - fn add(mut self, (coeff, var): (E::Fr, Variable)) -> LinearCombination { + fn add(mut self, (coeff, var): (Scalar, Variable)) -> LinearCombination { self.0.push((var, coeff)); self } } -impl Sub<(E::Fr, Variable)> for LinearCombination { - type Output = LinearCombination; +impl Sub<(Scalar, Variable)> for LinearCombination { + type Output = LinearCombination; #[allow(clippy::suspicious_arithmetic_impl)] - fn sub(self, (coeff, var): (E::Fr, Variable)) -> LinearCombination { + fn sub(self, (coeff, var): (Scalar, Variable)) -> LinearCombination { self + (coeff.neg(), var) } } -impl Add for LinearCombination { - type Output = LinearCombination; +impl Add for LinearCombination { + type Output = LinearCombination; - fn add(self, other: Variable) -> LinearCombination { - self + (E::Fr::one(), other) + fn add(self, other: Variable) -> LinearCombination { + self + (Scalar::one(), other) } } -impl Sub for LinearCombination { - type Output = LinearCombination; +impl Sub for LinearCombination { + type Output = LinearCombination; - fn sub(self, other: Variable) -> LinearCombination { - self - (E::Fr::one(), other) + fn sub(self, other: Variable) -> LinearCombination { + self - (Scalar::one(), other) } } -impl<'a, E: ScalarEngine> Add<&'a LinearCombination> for LinearCombination { - type Output = LinearCombination; +impl<'a, Scalar: PrimeField> Add<&'a LinearCombination> for LinearCombination { + type Output = LinearCombination; - fn add(mut self, other: &'a LinearCombination) -> LinearCombination { + fn add(mut self, other: &'a LinearCombination) -> LinearCombination { for s in &other.0 { self = self + (s.1, s.0); } @@ -249,10 +250,10 @@ impl<'a, E: ScalarEngine> Add<&'a LinearCombination> for LinearCombination } } -impl<'a, E: ScalarEngine> Sub<&'a LinearCombination> for LinearCombination { - type Output = LinearCombination; +impl<'a, Scalar: PrimeField> Sub<&'a LinearCombination> for LinearCombination { + type Output = LinearCombination; - fn sub(mut self, other: &'a LinearCombination) -> LinearCombination { + fn sub(mut self, other: &'a LinearCombination) -> LinearCombination { for s in &other.0 { self = self - (s.1, s.0); } @@ -261,10 +262,15 @@ impl<'a, E: ScalarEngine> Sub<&'a LinearCombination> for LinearCombination } } -impl<'a, E: ScalarEngine> Add<(E::Fr, &'a LinearCombination)> for LinearCombination { - type Output = LinearCombination; +impl<'a, Scalar: PrimeField> Add<(Scalar, &'a LinearCombination)> + for LinearCombination +{ + type Output = LinearCombination; - fn add(mut self, (coeff, other): (E::Fr, &'a LinearCombination)) -> LinearCombination { + fn add( + mut self, + (coeff, other): (Scalar, &'a LinearCombination), + ) -> LinearCombination { for s in &other.0 { let mut tmp = s.1; tmp.mul_assign(&coeff); @@ -275,10 +281,15 @@ impl<'a, E: ScalarEngine> Add<(E::Fr, &'a LinearCombination)> for LinearCombi } } -impl<'a, E: ScalarEngine> Sub<(E::Fr, &'a LinearCombination)> for LinearCombination { - type Output = LinearCombination; +impl<'a, Scalar: PrimeField> Sub<(Scalar, &'a LinearCombination)> + for LinearCombination +{ + type Output = LinearCombination; - fn sub(mut self, (coeff, other): (E::Fr, &'a LinearCombination)) -> LinearCombination { + fn sub( + mut self, + (coeff, other): (Scalar, &'a LinearCombination), + ) -> LinearCombination { for s in &other.0 { let mut tmp = s.1; tmp.mul_assign(&coeff); @@ -347,10 +358,10 @@ impl fmt::Display for SynthesisError { /// Represents a constraint system which can have new variables /// allocated and constrains between them formed. -pub trait ConstraintSystem: Sized { +pub trait ConstraintSystem: Sized { /// Represents the type of the "root" of this constraint system /// so that nested namespaces can minimize indirection. - type Root: ConstraintSystem; + type Root: ConstraintSystem; /// Return the "one" input variable fn one() -> Variable { @@ -363,7 +374,7 @@ pub trait ConstraintSystem: Sized { /// namespace. fn alloc(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into; @@ -371,7 +382,7 @@ pub trait ConstraintSystem: Sized { /// determine the assignment of the variable. fn alloc_input(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into; @@ -381,9 +392,9 @@ pub trait ConstraintSystem: Sized { where A: FnOnce() -> AR, AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination; + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination; /// Create a new (sub)namespace and enter into it. Not intended /// for downstream use; use `namespace` instead. @@ -401,7 +412,7 @@ pub trait ConstraintSystem: Sized { fn get_root(&mut self) -> &mut Self::Root; /// Begin a namespace for this constraint system. - fn namespace(&mut self, name_fn: N) -> Namespace<'_, E, Self::Root> + fn namespace(&mut self, name_fn: N) -> Namespace<'_, Scalar, Self::Root> where NR: Into, N: FnOnce() -> NR, @@ -414,9 +425,14 @@ pub trait ConstraintSystem: Sized { /// This is a "namespaced" constraint system which borrows a constraint system (pushing /// a namespace context) and, when dropped, pops out of the namespace context. -pub struct Namespace<'a, E: ScalarEngine, CS: ConstraintSystem>(&'a mut CS, PhantomData); +pub struct Namespace<'a, Scalar: PrimeField, CS: ConstraintSystem>( + &'a mut CS, + PhantomData, +); -impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for Namespace<'cs, E, CS> { +impl<'cs, Scalar: PrimeField, CS: ConstraintSystem> ConstraintSystem + for Namespace<'cs, Scalar, CS> +{ type Root = CS::Root; fn one() -> Variable { @@ -425,7 +441,7 @@ impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for Name fn alloc(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -434,7 +450,7 @@ impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for Name fn alloc_input(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -445,9 +461,9 @@ impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for Name where A: FnOnce() -> AR, AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { self.0.enforce(annotation, a, b, c) } @@ -473,15 +489,17 @@ impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for Name } } -impl<'a, E: ScalarEngine, CS: ConstraintSystem> Drop for Namespace<'a, E, CS> { +impl<'a, Scalar: PrimeField, CS: ConstraintSystem> Drop for Namespace<'a, Scalar, CS> { fn drop(&mut self) { self.get_root().pop_namespace() } } -/// Convenience implementation of ConstraintSystem for mutable references to +/// Convenience implementation of ConstraintSystem for mutable references to /// constraint systems. -impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for &'cs mut CS { +impl<'cs, Scalar: PrimeField, CS: ConstraintSystem> ConstraintSystem + for &'cs mut CS +{ type Root = CS::Root; fn one() -> Variable { @@ -490,7 +508,7 @@ impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for &'cs fn alloc(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -499,7 +517,7 @@ impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for &'cs fn alloc_input(&mut self, annotation: A, f: F) -> Result where - F: FnOnce() -> Result, + F: FnOnce() -> Result, A: FnOnce() -> AR, AR: Into, { @@ -510,9 +528,9 @@ impl<'cs, E: ScalarEngine, CS: ConstraintSystem> ConstraintSystem for &'cs where A: FnOnce() -> AR, AR: Into, - LA: FnOnce(LinearCombination) -> LinearCombination, - LB: FnOnce(LinearCombination) -> LinearCombination, - LC: FnOnce(LinearCombination) -> LinearCombination, + LA: FnOnce(LinearCombination) -> LinearCombination, + LB: FnOnce(LinearCombination) -> LinearCombination, + LC: FnOnce(LinearCombination) -> LinearCombination, { (**self).enforce(annotation, a, b, c) } diff --git a/bellman/src/multiexp.rs b/bellman/src/multiexp.rs index a9a868f1a..c9e00d6ba 100644 --- a/bellman/src/multiexp.rs +++ b/bellman/src/multiexp.rs @@ -293,9 +293,6 @@ where multiexp_inner(pool, bases, density_map, exponents, 0, c, true) } -#[cfg(all(test, feature = "pairing"))] -use ff::ScalarEngine; - #[cfg(feature = "pairing")] #[test] fn test_with_bls12() { @@ -315,17 +312,16 @@ fn test_with_bls12() { } use group::Group; - use pairing::{bls12_381::Bls12, Engine}; + use pairing::{ + bls12_381::{Bls12, Fr}, + Engine, + }; use rand; const SAMPLES: usize = 1 << 14; let rng = &mut rand::thread_rng(); - let v = Arc::new( - (0..SAMPLES) - .map(|_| ::Fr::random(rng)) - .collect::>(), - ); + let v = Arc::new((0..SAMPLES).map(|_| Fr::random(rng)).collect::>()); let g = Arc::new( (0..SAMPLES) .map(|_| ::G1::random(rng).to_affine()) diff --git a/bellman/tests/mimc.rs b/bellman/tests/mimc.rs index a1de0f108..b708a18a2 100644 --- a/bellman/tests/mimc.rs +++ b/bellman/tests/mimc.rs @@ -4,13 +4,11 @@ use rand::thread_rng; // For benchmarking use std::time::{Duration, Instant}; -// Bring in some tools for using pairing-friendly curves -use ff::{Field, ScalarEngine}; -use pairing::Engine; -use std::ops::{AddAssign, MulAssign}; +// Bring in some tools for using finite fiels +use ff::{Field, PrimeField}; // We're going to use the BLS12-381 pairing-friendly elliptic curve. -use pairing::bls12_381::Bls12; +use pairing::bls12_381::{Bls12, Fr}; // We'll use these interfaces to construct our circuit. use bellman::{Circuit, ConstraintSystem, SynthesisError}; @@ -35,7 +33,7 @@ const MIMC_ROUNDS: usize = 322; /// return xL /// } /// ``` -fn mimc(mut xl: E::Fr, mut xr: E::Fr, constants: &[E::Fr]) -> E::Fr { +fn mimc(mut xl: Scalar, mut xr: Scalar, constants: &[Scalar]) -> Scalar { assert_eq!(constants.len(), MIMC_ROUNDS); for i in 0..MIMC_ROUNDS { @@ -53,17 +51,17 @@ fn mimc(mut xl: E::Fr, mut xr: E::Fr, constants: &[E::Fr]) -> E::Fr { /// This is our demo circuit for proving knowledge of the /// preimage of a MiMC hash invocation. -struct MiMCDemo<'a, E: Engine> { - xl: Option, - xr: Option, - constants: &'a [E::Fr], +struct MiMCDemo<'a, Scalar: PrimeField> { + xl: Option, + xr: Option, + constants: &'a [Scalar], } /// Our demo circuit implements this `Circuit` trait which /// is used during paramgen and proving in order to /// synthesize the constraint system. -impl<'a, E: Engine> Circuit for MiMCDemo<'a, E> { - fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { +impl<'a, Scalar: PrimeField> Circuit for MiMCDemo<'a, Scalar> { + fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { assert_eq!(self.constants.len(), MIMC_ROUNDS); // Allocate the first component of the preimage. @@ -153,20 +151,20 @@ fn test_mimc() { // Generate the MiMC round constants let constants = (0..MIMC_ROUNDS) - .map(|_| ::Fr::random(rng)) + .map(|_| Fr::random(rng)) .collect::>(); println!("Creating parameters..."); // Create parameters for our circuit let params = { - let c = MiMCDemo:: { + let c = MiMCDemo { xl: None, xr: None, constants: &constants, }; - generate_random_parameters(c, rng).unwrap() + generate_random_parameters::(c, rng).unwrap() }; // Prepare the verification key (for proof verification) @@ -185,9 +183,9 @@ fn test_mimc() { for _ in 0..SAMPLES { // Generate a random preimage and compute the image - let xl = ::Fr::random(rng); - let xr = ::Fr::random(rng); - let image = mimc::(xl, xr, &constants); + let xl = Fr::random(rng); + let xr = Fr::random(rng); + let image = mimc(xl, xr, &constants); proof_vec.truncate(0); diff --git a/ff/src/lib.rs b/ff/src/lib.rs index 3382262ee..e975d9136 100644 --- a/ff/src/lib.rs +++ b/ff/src/lib.rs @@ -213,14 +213,6 @@ pub trait PrimeField: Field + From { fn root_of_unity() -> Self; } -/// An "engine" is a collection of types (fields, elliptic curve groups, etc.) -/// with well-defined relationships. Specific relationships (for example, a -/// pairing-friendly curve) can be defined in a subtrait. -pub trait ScalarEngine: Sized + 'static + Clone { - /// This is the scalar field of the engine's groups. - type Fr: PrimeField; -} - #[derive(Debug)] pub struct BitIterator> { t: E, diff --git a/group/src/lib.rs b/group/src/lib.rs index b2e83b30d..4ca6b612e 100644 --- a/group/src/lib.rs +++ b/group/src/lib.rs @@ -35,10 +35,6 @@ impl ScalarMul for T where T: Mul: for<'r> ScalarMul<&'r Rhs, Output> {} impl ScalarMulOwned for T where T: for<'r> ScalarMul<&'r Rhs, Output> {} diff --git a/pairing/src/bls12_381/mod.rs b/pairing/src/bls12_381/mod.rs index e6aaa063d..2732105c6 100644 --- a/pairing/src/bls12_381/mod.rs +++ b/pairing/src/bls12_381/mod.rs @@ -23,7 +23,7 @@ pub use self::fr::{Fr, FrRepr}; use super::{Engine, PairingCurveAffine}; -use ff::{BitIterator, Field, ScalarEngine}; +use ff::{BitIterator, Field}; use group::CurveAffine; use std::ops::{AddAssign, MulAssign, Neg, SubAssign}; use subtle::CtOption; @@ -35,11 +35,8 @@ const BLS_X_IS_NEGATIVE: bool = true; #[derive(Clone, Debug)] pub struct Bls12; -impl ScalarEngine for Bls12 { - type Fr = Fr; -} - impl Engine for Bls12 { + type Fr = Fr; type G1 = G1; type G1Affine = G1Affine; type G2 = G2; diff --git a/pairing/src/lib.rs b/pairing/src/lib.rs index 78394fdd4..88728d13f 100644 --- a/pairing/src/lib.rs +++ b/pairing/src/lib.rs @@ -21,14 +21,17 @@ pub mod tests; pub mod bls12_381; use core::ops::Mul; -use ff::{Field, PrimeField, ScalarEngine}; +use ff::{Field, PrimeField}; use group::{CurveAffine, CurveProjective, GroupOps, GroupOpsOwned, ScalarMul, ScalarMulOwned}; use subtle::CtOption; /// An "engine" is a collection of types (fields, elliptic curve groups, etc.) /// with well-defined relationships. In particular, the G1/G2 curve groups are /// of prime order `r`, and are equipped with a bilinear pairing function. -pub trait Engine: ScalarEngine { +pub trait Engine: Sized + 'static + Clone { + /// This is the scalar field of the engine's groups. + type Fr: PrimeField; + /// The projective representation of an element in G1. type G1: CurveProjective + From diff --git a/zcash_proofs/examples/bench.rs b/zcash_proofs/examples/bench.rs index 2f4878685..cbf6b5e09 100644 --- a/zcash_proofs/examples/bench.rs +++ b/zcash_proofs/examples/bench.rs @@ -19,7 +19,7 @@ fn main() { println!("Creating sample parameters..."); let groth_params = generate_random_parameters::( - Spend { + Spend:: { params: jubjub_params, value_commitment: None, proof_generation_key: None, @@ -37,7 +37,7 @@ fn main() { let mut total_time = Duration::new(0, 0); for _ in 0..SAMPLES { - let value_commitment = ValueCommitment { + let value_commitment = ValueCommitment:: { value: 1, randomness: fs::Fs::random(rng), }; diff --git a/zcash_proofs/src/circuit/ecc.rs b/zcash_proofs/src/circuit/ecc.rs index d287e1bd9..1e573da55 100644 --- a/zcash_proofs/src/circuit/ecc.rs +++ b/zcash_proofs/src/circuit/ecc.rs @@ -18,8 +18,8 @@ use bellman::gadgets::boolean::Boolean; #[derive(Clone)] pub struct EdwardsPoint { - x: AllocatedNum, - y: AllocatedNum, + x: AllocatedNum, + y: AllocatedNum, } /// Perform a fixed-base scalar multiplication with @@ -31,7 +31,7 @@ pub fn fixed_base_multiplication( params: &E::Params, ) -> Result, SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, E: JubjubEngine, { // Represents the result of the multiplication @@ -78,11 +78,11 @@ where } impl EdwardsPoint { - pub fn get_x(&self) -> &AllocatedNum { + pub fn get_x(&self) -> &AllocatedNum { &self.x } - pub fn get_y(&self) -> &AllocatedNum { + pub fn get_y(&self) -> &AllocatedNum { &self.y } @@ -92,7 +92,7 @@ impl EdwardsPoint { params: &E::Params, ) -> Result<(), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { let tmp = self.double(cs.namespace(|| "first doubling"), params)?; let tmp = tmp.double(cs.namespace(|| "second doubling"), params)?; @@ -109,7 +109,7 @@ impl EdwardsPoint { pub fn inputize(&self, mut cs: CS) -> Result<(), SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { self.x.inputize(cs.namespace(|| "x"))?; self.y.inputize(cs.namespace(|| "y"))?; @@ -120,7 +120,7 @@ impl EdwardsPoint { /// This converts the point into a representation. pub fn repr(&self, mut cs: CS) -> Result, SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { let mut tmp = vec![]; @@ -142,7 +142,7 @@ impl EdwardsPoint { params: &E::Params, ) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { let p = p.map(|p| p.to_xy()); @@ -163,7 +163,7 @@ impl EdwardsPoint { condition: &Boolean, ) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { // Compute x' = self.x if condition, and 0 otherwise let x_prime = AllocatedNum::alloc(cs.namespace(|| "x'"), || { @@ -220,7 +220,7 @@ impl EdwardsPoint { params: &E::Params, ) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { // Represents the current "magnitude" of the base // that we're operating over. Starts at self, @@ -267,12 +267,12 @@ impl EdwardsPoint { pub fn interpret( mut cs: CS, - x: &AllocatedNum, - y: &AllocatedNum, + x: &AllocatedNum, + y: &AllocatedNum, params: &E::Params, ) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { // -x^2 + y^2 = 1 + dx^2y^2 @@ -296,7 +296,7 @@ impl EdwardsPoint { pub fn double(&self, mut cs: CS, params: &E::Params) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { // Compute T = (x1 + y1) * (x1 + y1) let t = AllocatedNum::alloc(cs.namespace(|| "T"), || { @@ -395,7 +395,7 @@ impl EdwardsPoint { params: &E::Params, ) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { // Compute U = (x1 + y1) * (x2 + y2) let u = AllocatedNum::alloc(cs.namespace(|| "U"), || { @@ -492,8 +492,8 @@ impl EdwardsPoint { } pub struct MontgomeryPoint { - x: Num, - y: Num, + x: Num, + y: Num, } impl MontgomeryPoint { @@ -506,7 +506,7 @@ impl MontgomeryPoint { params: &E::Params, ) -> Result, SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { // Compute u = (scale*x) / y let u = AllocatedNum::alloc(cs.namespace(|| "u"), || { @@ -558,7 +558,7 @@ impl MontgomeryPoint { /// in Montgomery, does not check that it's /// on the curve. Useful for constants and /// window table lookups. - pub fn interpret_unchecked(x: Num, y: Num) -> Self { + pub fn interpret_unchecked(x: Num, y: Num) -> Self { MontgomeryPoint { x, y } } @@ -571,7 +571,7 @@ impl MontgomeryPoint { params: &E::Params, ) -> Result where - CS: ConstraintSystem, + CS: ConstraintSystem, { // Compute lambda = (y' - y) / (x' - x) let lambda = AllocatedNum::alloc(cs.namespace(|| "lambda"), || { @@ -673,7 +673,7 @@ mod test { ]); for _ in 0..100 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let p = montgomery::Point::::rand(rng, params); let (u, v) = edwards::Point::from_montgomery(&p, params).to_xy(); @@ -682,7 +682,7 @@ mod test { let numx = AllocatedNum::alloc(cs.namespace(|| "mont x"), || Ok(x)).unwrap(); let numy = AllocatedNum::alloc(cs.namespace(|| "mont y"), || Ok(y)).unwrap(); - let p = MontgomeryPoint::interpret_unchecked(numx.into(), numy.into()); + let p = MontgomeryPoint::::interpret_unchecked(numx.into(), numy.into()); let q = p.into_edwards(&mut cs, params).unwrap(); @@ -713,7 +713,7 @@ mod test { for _ in 0..100 { let p = edwards::Point::::rand(rng, ¶ms); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let q = EdwardsPoint::witness(&mut cs, Some(p.clone()), ¶ms).unwrap(); let p = p.to_xy(); @@ -727,11 +727,11 @@ mod test { let p = edwards::Point::::rand(rng, ¶ms); let (x, y) = p.to_xy(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let numx = AllocatedNum::alloc(cs.namespace(|| "x"), || Ok(x)).unwrap(); let numy = AllocatedNum::alloc(cs.namespace(|| "y"), || Ok(y)).unwrap(); - let p = EdwardsPoint::interpret(&mut cs, &numx, &numy, ¶ms).unwrap(); + let p = EdwardsPoint::::interpret(&mut cs, &numx, &numy, ¶ms).unwrap(); assert!(cs.is_satisfied()); assert_eq!(p.x.get_value().unwrap(), x); @@ -743,11 +743,11 @@ mod test { let x = Fr::random(rng); let y = Fr::random(rng); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let numx = AllocatedNum::alloc(cs.namespace(|| "x"), || Ok(x)).unwrap(); let numy = AllocatedNum::alloc(cs.namespace(|| "y"), || Ok(y)).unwrap(); - EdwardsPoint::interpret(&mut cs, &numx, &numy, ¶ms).unwrap(); + EdwardsPoint::::interpret(&mut cs, &numx, &numy, ¶ms).unwrap(); assert_eq!(cs.which_is_unsatisfied().unwrap(), "on curve check"); } @@ -762,7 +762,7 @@ mod test { ]); for _ in 0..100 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let p = params.generator(FixedGenerators::NoteCommitmentRandomness); let s = Fs::random(rng); @@ -783,7 +783,7 @@ mod test { .map(|v| Boolean::from(v)) .collect::>(); - let q = fixed_base_multiplication( + let q = fixed_base_multiplication::( cs.namespace(|| "multiplication"), FixedGenerators::NoteCommitmentRandomness, &s_bits, @@ -805,7 +805,7 @@ mod test { ]); for _ in 0..100 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let p = edwards::Point::::rand(rng, params); let s = Fs::random(rng); @@ -817,7 +817,7 @@ mod test { let num_x0 = AllocatedNum::alloc(cs.namespace(|| "x0"), || Ok(x0)).unwrap(); let num_y0 = AllocatedNum::alloc(cs.namespace(|| "y0"), || Ok(y0)).unwrap(); - let p = EdwardsPoint { + let p = EdwardsPoint:: { x: num_x0, y: num_y0, }; @@ -857,7 +857,7 @@ mod test { ]); for _ in 0..1000 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let p = edwards::Point::::rand(rng, params); @@ -866,7 +866,7 @@ mod test { let num_x0 = AllocatedNum::alloc(cs.namespace(|| "x0"), || Ok(x0)).unwrap(); let num_y0 = AllocatedNum::alloc(cs.namespace(|| "y0"), || Ok(y0)).unwrap(); - let p = EdwardsPoint { + let p = EdwardsPoint:: { x: num_x0, y: num_y0, }; @@ -933,7 +933,7 @@ mod test { let (x1, y1) = p2.to_xy(); let (x2, y2) = p3.to_xy(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let num_x0 = AllocatedNum::alloc(cs.namespace(|| "x0"), || Ok(x0)).unwrap(); let num_y0 = AllocatedNum::alloc(cs.namespace(|| "y0"), || Ok(y0)).unwrap(); @@ -941,7 +941,7 @@ mod test { let num_x1 = AllocatedNum::alloc(cs.namespace(|| "x1"), || Ok(x1)).unwrap(); let num_y1 = AllocatedNum::alloc(cs.namespace(|| "y1"), || Ok(y1)).unwrap(); - let p1 = EdwardsPoint { + let p1 = EdwardsPoint:: { x: num_x0, y: num_y0, }; @@ -993,12 +993,12 @@ mod test { let (x0, y0) = p1.to_xy(); let (x1, y1) = p2.to_xy(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let num_x0 = AllocatedNum::alloc(cs.namespace(|| "x0"), || Ok(x0)).unwrap(); let num_y0 = AllocatedNum::alloc(cs.namespace(|| "y0"), || Ok(y0)).unwrap(); - let p1 = EdwardsPoint { + let p1 = EdwardsPoint:: { x: num_x0, y: num_y0, }; @@ -1047,7 +1047,7 @@ mod test { let (x1, y1) = p2.to_xy().unwrap(); let (x2, y2) = p3.to_xy().unwrap(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let num_x0 = AllocatedNum::alloc(cs.namespace(|| "x0"), || Ok(x0)).unwrap(); let num_y0 = AllocatedNum::alloc(cs.namespace(|| "y0"), || Ok(y0)).unwrap(); @@ -1055,7 +1055,7 @@ mod test { let num_x1 = AllocatedNum::alloc(cs.namespace(|| "x1"), || Ok(x1)).unwrap(); let num_y1 = AllocatedNum::alloc(cs.namespace(|| "y1"), || Ok(y1)).unwrap(); - let p1 = MontgomeryPoint { + let p1 = MontgomeryPoint:: { x: num_x0.into(), y: num_y0.into(), }; @@ -1092,7 +1092,7 @@ mod test { let params = &JubjubBls12::new(); let check_small_order_from_p = |p: edwards::Point, is_small_order| { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let p = EdwardsPoint::witness(&mut cs, Some(p), params).unwrap(); assert!(cs.is_satisfied()); diff --git a/zcash_proofs/src/circuit/pedersen_hash.rs b/zcash_proofs/src/circuit/pedersen_hash.rs index 18c2aae1c..43278a75c 100644 --- a/zcash_proofs/src/circuit/pedersen_hash.rs +++ b/zcash_proofs/src/circuit/pedersen_hash.rs @@ -22,7 +22,7 @@ pub fn pedersen_hash( params: &E::Params, ) -> Result, SynthesisError> where - CS: ConstraintSystem, + CS: ConstraintSystem, { let personalization = get_constant_bools(&personalization); assert_eq!(personalization.len(), 6); @@ -162,7 +162,7 @@ mod test { ] .iter() { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let input: Vec = (0..n_bits).map(|_| rng.next_u32() % 2 != 0).collect(); @@ -177,7 +177,7 @@ mod test { }) .collect(); - pedersen_hash( + pedersen_hash::( cs.namespace(|| "pedersen hash"), Personalization::NoteCommitment, &input_bools, @@ -212,7 +212,7 @@ mod test { for _ in 0..5 { let input: Vec = (0..length).map(|_| rng.next_u32() % 2 != 0).collect(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let input_bools: Vec = input .iter() @@ -225,7 +225,7 @@ mod test { }) .collect(); - let res = pedersen_hash( + let res = pedersen_hash::( cs.namespace(|| "pedersen hash"), Personalization::MerkleTree(1), &input_bools, @@ -278,7 +278,7 @@ mod test { for length in 300..302 { let input: Vec = (0..length).map(|_| rng.next_u32() % 2 != 0).collect(); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let input_bools: Vec = input .iter() @@ -291,7 +291,7 @@ mod test { }) .collect(); - let res = pedersen_hash( + let res = pedersen_hash::( cs.namespace(|| "pedersen hash"), Personalization::MerkleTree(1), &input_bools, diff --git a/zcash_proofs/src/circuit/sapling.rs b/zcash_proofs/src/circuit/sapling.rs index fe20e4fde..7aecb825c 100644 --- a/zcash_proofs/src/circuit/sapling.rs +++ b/zcash_proofs/src/circuit/sapling.rs @@ -74,7 +74,7 @@ fn expose_value_commitment( ) -> Result, SynthesisError> where E: JubjubEngine, - CS: ConstraintSystem, + CS: ConstraintSystem, { // Booleanize the value into little-endian bit order let value_bits = boolean::u64_into_boolean_vec_le( @@ -83,7 +83,7 @@ where )?; // Compute the note value in the exponent - let value = ecc::fixed_base_multiplication( + let value = ecc::fixed_base_multiplication::( cs.namespace(|| "compute the value in the exponent"), FixedGenerators::ValueCommitmentValue, &value_bits, @@ -99,7 +99,7 @@ where )?; // Compute the randomness in the exponent - let rcv = ecc::fixed_base_multiplication( + let rcv = ecc::fixed_base_multiplication::( cs.namespace(|| "computation of rcv"), FixedGenerators::ValueCommitmentRandomness, &rcv, @@ -115,8 +115,8 @@ where Ok(value_bits) } -impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { - fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { +impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { + fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { // Prover witnesses ak (ensures that it's on the curve) let ak = ecc::EdwardsPoint::witness( cs.namespace(|| "ak"), @@ -134,7 +134,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { let ar = boolean::field_into_boolean_vec_le(cs.namespace(|| "ar"), self.ar)?; // Compute the randomness in the exponent - let ar = ecc::fixed_base_multiplication( + let ar = ecc::fixed_base_multiplication::( cs.namespace(|| "computation of randomization for the signing key"), FixedGenerators::SpendingKeyGenerator, &ar, @@ -161,7 +161,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { // congruency then that's equivalent. // Compute nk = [nsk] ProvingPublicKey - nk = ecc::fixed_base_multiplication( + nk = ecc::fixed_base_multiplication::( cs.namespace(|| "computation of nk"), FixedGenerators::ProofGenerationKey, &nsk, @@ -266,7 +266,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { ); // Compute the hash of the note contents - let mut cm = pedersen_hash::pedersen_hash( + let mut cm = pedersen_hash::pedersen_hash::( cs.namespace(|| "note content hash"), pedersen_hash::Personalization::NoteCommitment, ¬e_contents, @@ -281,7 +281,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { )?; // Compute the note commitment randomness in the exponent - let rcm = ecc::fixed_base_multiplication( + let rcm = ecc::fixed_base_multiplication::( cs.namespace(|| "computation of commitment randomness"), FixedGenerators::NoteCommitmentRandomness, &rcm, @@ -342,7 +342,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { preimage.extend(xr.to_bits_le(cs.namespace(|| "xr into bits"))?); // Compute the new subtree value - cur = pedersen_hash::pedersen_hash( + cur = pedersen_hash::pedersen_hash::( cs.namespace(|| "computation of pedersen hash"), pedersen_hash::Personalization::MerkleTree(i), &preimage, @@ -379,7 +379,7 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { let mut rho = cm; { // Compute the position in the exponent - let position = ecc::fixed_base_multiplication( + let position = ecc::fixed_base_multiplication::( cs.namespace(|| "g^position"), FixedGenerators::NullifierPosition, &position_bits, @@ -410,8 +410,8 @@ impl<'a, E: JubjubEngine> Circuit for Spend<'a, E> { } } -impl<'a, E: JubjubEngine> Circuit for Output<'a, E> { - fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { +impl<'a, E: JubjubEngine> Circuit for Output<'a, E> { + fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { // Let's start to construct our note, which contains // value (big endian) let mut note_contents = vec![]; @@ -494,7 +494,7 @@ impl<'a, E: JubjubEngine> Circuit for Output<'a, E> { ); // Compute the hash of the note contents - let mut cm = pedersen_hash::pedersen_hash( + let mut cm = pedersen_hash::pedersen_hash::( cs.namespace(|| "note content hash"), pedersen_hash::Personalization::NoteCommitment, ¬e_contents, @@ -509,7 +509,7 @@ impl<'a, E: JubjubEngine> Circuit for Output<'a, E> { )?; // Compute the note commitment randomness in the exponent - let rcm = ecc::fixed_base_multiplication( + let rcm = ecc::fixed_base_multiplication::( cs.namespace(|| "computation of commitment randomness"), FixedGenerators::NoteCommitmentRandomness, &rcm, @@ -556,7 +556,7 @@ fn test_input_circuit_with_bls12_381() { let tree_depth = 32; for _ in 0..10 { - let value_commitment = ValueCommitment { + let value_commitment = ValueCommitment:: { value: rng.next_u64(), randomness: fs::Fs::random(rng), }; @@ -638,10 +638,10 @@ fn test_input_circuit_with_bls12_381() { let expected_nf = note.nf(&viewing_key, position, params); let expected_nf = multipack::bytes_to_bits_le(&expected_nf); - let expected_nf = multipack::compute_multipacking::(&expected_nf); + let expected_nf = multipack::compute_multipacking(&expected_nf); assert_eq!(expected_nf.len(), 2); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let instance = Spend { params, @@ -732,7 +732,7 @@ fn test_input_circuit_with_bls12_381_external_test_vectors() { ]; for i in 0..10 { - let value_commitment = ValueCommitment { + let value_commitment = ValueCommitment:: { value: i, randomness: fs::Fs::from_str(&(1000 * (i + 1)).to_string()).unwrap(), }; @@ -822,10 +822,10 @@ fn test_input_circuit_with_bls12_381_external_test_vectors() { let expected_nf = note.nf(&viewing_key, position, params); let expected_nf = multipack::bytes_to_bits_le(&expected_nf); - let expected_nf = multipack::compute_multipacking::(&expected_nf); + let expected_nf = multipack::compute_multipacking(&expected_nf); assert_eq!(expected_nf.len(), 2); - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let instance = Spend { params: params, @@ -887,7 +887,7 @@ fn test_output_circuit_with_bls12_381() { ]); for _ in 0..100 { - let value_commitment = ValueCommitment { + let value_commitment = ValueCommitment:: { value: rng.next_u64(), randomness: fs::Fs::random(rng), }; @@ -921,7 +921,7 @@ fn test_output_circuit_with_bls12_381() { let esk = fs::Fs::random(rng); { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::new(); let instance = Output { params, diff --git a/zcash_proofs/src/circuit/sprout/commitment.rs b/zcash_proofs/src/circuit/sprout/commitment.rs index fba121738..367be9caf 100644 --- a/zcash_proofs/src/circuit/sprout/commitment.rs +++ b/zcash_proofs/src/circuit/sprout/commitment.rs @@ -1,9 +1,9 @@ use bellman::gadgets::boolean::Boolean; use bellman::gadgets::sha256::sha256; use bellman::{ConstraintSystem, SynthesisError}; -use pairing::Engine; +use ff::PrimeField; -pub fn note_comm( +pub fn note_comm( cs: CS, a_pk: &[Boolean], value: &[Boolean], @@ -11,8 +11,8 @@ pub fn note_comm( r: &[Boolean], ) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { assert_eq!(a_pk.len(), 256); assert_eq!(value.len(), 64); diff --git a/zcash_proofs/src/circuit/sprout/input.rs b/zcash_proofs/src/circuit/sprout/input.rs index a2726d41a..b2e0d6ced 100644 --- a/zcash_proofs/src/circuit/sprout/input.rs +++ b/zcash_proofs/src/circuit/sprout/input.rs @@ -1,7 +1,7 @@ use bellman::gadgets::boolean::{AllocatedBit, Boolean}; use bellman::gadgets::sha256::sha256_block_no_padding; use bellman::{ConstraintSystem, SynthesisError}; -use pairing::Engine; +use ff::PrimeField; use super::commitment::note_comm; use super::prfs::*; @@ -13,7 +13,7 @@ pub struct InputNote { } impl InputNote { - pub fn compute( + pub fn compute( mut cs: CS, a_sk: Option, rho: Option, @@ -25,8 +25,8 @@ impl InputNote { rt: &[Boolean], ) -> Result where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let a_sk = witness_u252( cs.namespace(|| "a_sk"), @@ -106,7 +106,7 @@ impl InputNote { // if enforce is one, they must be equal cs.enforce( || format!("conditionally enforce correct root for bit {}", i), - |_| cur.lc(CS::one(), E::Fr::one()) - &rt.lc(CS::one(), E::Fr::one()), + |_| cur.lc(CS::one(), Scalar::one()) - &rt.lc(CS::one(), Scalar::one()), |lc| lc + enforce.get_variable(), |lc| lc, ); @@ -118,15 +118,15 @@ impl InputNote { /// Swaps two 256-bit blobs conditionally, returning the /// 512-bit concatenation. -pub fn conditionally_swap_u256( +pub fn conditionally_swap_u256( mut cs: CS, lhs: &[Boolean], rhs: &[Boolean], condition: &AllocatedBit, ) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { assert_eq!(lhs.len(), 256); assert_eq!(rhs.len(), 256); @@ -155,9 +155,9 @@ where // x = rhs cs.enforce( || "conditional swap for x", - |lc| lc + &rhs.lc(CS::one(), E::Fr::one()) - &lhs.lc(CS::one(), E::Fr::one()), + |lc| lc + &rhs.lc(CS::one(), Scalar::one()) - &lhs.lc(CS::one(), Scalar::one()), |lc| lc + condition.get_variable(), - |lc| lc + &x.lc(CS::one(), E::Fr::one()) - &lhs.lc(CS::one(), E::Fr::one()), + |lc| lc + &x.lc(CS::one(), Scalar::one()) - &lhs.lc(CS::one(), Scalar::one()), ); let y = Boolean::from(AllocatedBit::alloc( @@ -171,9 +171,9 @@ where // y - rhs = condition (lhs - rhs) cs.enforce( || "conditional swap for y", - |lc| lc + &lhs.lc(CS::one(), E::Fr::one()) - &rhs.lc(CS::one(), E::Fr::one()), + |lc| lc + &lhs.lc(CS::one(), Scalar::one()) - &rhs.lc(CS::one(), Scalar::one()), |lc| lc + condition.get_variable(), - |lc| lc + &y.lc(CS::one(), E::Fr::one()) - &rhs.lc(CS::one(), E::Fr::one()), + |lc| lc + &y.lc(CS::one(), Scalar::one()) - &rhs.lc(CS::one(), Scalar::one()), ); new_lhs.push(x); diff --git a/zcash_proofs/src/circuit/sprout/mod.rs b/zcash_proofs/src/circuit/sprout/mod.rs index 6afe67793..b2653ab24 100644 --- a/zcash_proofs/src/circuit/sprout/mod.rs +++ b/zcash_proofs/src/circuit/sprout/mod.rs @@ -13,8 +13,7 @@ use bellman::gadgets::boolean::{AllocatedBit, Boolean}; use bellman::gadgets::multipack::pack_into_inputs; use bellman::{Circuit, ConstraintSystem, LinearCombination, SynthesisError}; -use ff::Field; -use pairing::Engine; +use ff::PrimeField; mod commitment; mod input; @@ -55,8 +54,8 @@ pub struct JSOutput { pub r: Option, } -impl Circuit for JoinSplit { - fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { +impl Circuit for JoinSplit { + fn synthesize>(self, cs: &mut CS) -> Result<(), SynthesisError> { assert_eq!(self.inputs.len(), 2); assert_eq!(self.outputs.len(), 2); @@ -219,10 +218,10 @@ pub struct NoteValue { } impl NoteValue { - fn new(mut cs: CS, value: Option) -> Result + fn new(mut cs: CS, value: Option) -> Result where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let mut values; match value { @@ -262,10 +261,10 @@ impl NoteValue { /// Computes this value as a linear combination of /// its bits. - fn lc(&self) -> LinearCombination { + fn lc(&self) -> LinearCombination { let mut tmp = LinearCombination::zero(); - let mut coeff = E::Fr::one(); + let mut coeff = Scalar::one(); for b in &self.bits { tmp = tmp + (coeff, b.get_variable()); coeff = coeff.double(); @@ -281,15 +280,15 @@ impl NoteValue { /// Witnesses some bytes in the constraint system, /// skipping the first `skip_bits`. -fn witness_bits( +fn witness_bits( mut cs: CS, value: Option<&[u8]>, num_bits: usize, skip_bits: usize, ) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let bit_values = if let Some(value) = value { let mut tmp = vec![]; @@ -318,18 +317,18 @@ where Ok(bits) } -fn witness_u256(cs: CS, value: Option<&[u8]>) -> Result, SynthesisError> +fn witness_u256(cs: CS, value: Option<&[u8]>) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { witness_bits(cs, value, 256, 0) } -fn witness_u252(cs: CS, value: Option<&[u8]>) -> Result, SynthesisError> +fn witness_u252(cs: CS, value: Option<&[u8]>) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { witness_bits(cs, value, 252, 4) } @@ -338,7 +337,7 @@ where #[ignore] fn test_sprout_constraints() { use bellman::gadgets::test::*; - use pairing::bls12_381::Bls12; + use pairing::bls12_381::Fr; use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt}; @@ -356,7 +355,7 @@ fn test_sprout_constraints() { } while test_vector.len() != 0 { - let mut cs = TestConstraintSystem::::new(); + let mut cs = TestConstraintSystem::::new(); let phi = Some(get_u256(&mut test_vector)); let rt = Some(get_u256(&mut test_vector)); @@ -462,7 +461,7 @@ fn test_sprout_constraints() { use bellman::gadgets::multipack; let expected_inputs = multipack::bytes_to_bits(&expected_inputs); - let expected_inputs = multipack::compute_multipacking::(&expected_inputs); + let expected_inputs = multipack::compute_multipacking(&expected_inputs); assert!(cs.verify(&expected_inputs)); } diff --git a/zcash_proofs/src/circuit/sprout/output.rs b/zcash_proofs/src/circuit/sprout/output.rs index 73a98514a..6360f4122 100644 --- a/zcash_proofs/src/circuit/sprout/output.rs +++ b/zcash_proofs/src/circuit/sprout/output.rs @@ -1,6 +1,6 @@ use bellman::gadgets::boolean::Boolean; use bellman::{ConstraintSystem, SynthesisError}; -use pairing::Engine; +use ff::PrimeField; use super::commitment::note_comm; use super::prfs::*; @@ -11,7 +11,7 @@ pub struct OutputNote { } impl OutputNote { - pub fn compute( + pub fn compute( mut cs: CS, a_pk: Option, value: &NoteValue, @@ -21,8 +21,8 @@ impl OutputNote { nonce: bool, ) -> Result where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { let rho = prf_rho(cs.namespace(|| "rho"), phi, h_sig, nonce)?; diff --git a/zcash_proofs/src/circuit/sprout/prfs.rs b/zcash_proofs/src/circuit/sprout/prfs.rs index ea87b08d4..240538a9f 100644 --- a/zcash_proofs/src/circuit/sprout/prfs.rs +++ b/zcash_proofs/src/circuit/sprout/prfs.rs @@ -1,9 +1,9 @@ use bellman::gadgets::boolean::Boolean; use bellman::gadgets::sha256::sha256_block_no_padding; use bellman::{ConstraintSystem, SynthesisError}; -use pairing::Engine; +use ff::PrimeField; -fn prf( +fn prf( cs: CS, a: bool, b: bool, @@ -13,8 +13,8 @@ fn prf( y: &[Boolean], ) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { assert_eq!(x.len(), 252); assert_eq!(y.len(), 256); @@ -32,10 +32,10 @@ where sha256_block_no_padding(cs, &image) } -pub fn prf_a_pk(cs: CS, a_sk: &[Boolean]) -> Result, SynthesisError> +pub fn prf_a_pk(cs: CS, a_sk: &[Boolean]) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { prf( cs, @@ -50,40 +50,40 @@ where ) } -pub fn prf_nf( +pub fn prf_nf( cs: CS, a_sk: &[Boolean], rho: &[Boolean], ) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { prf(cs, true, true, true, false, a_sk, rho) } -pub fn prf_pk( +pub fn prf_pk( cs: CS, a_sk: &[Boolean], h_sig: &[Boolean], nonce: bool, ) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { prf(cs, false, nonce, false, false, a_sk, h_sig) } -pub fn prf_rho( +pub fn prf_rho( cs: CS, phi: &[Boolean], h_sig: &[Boolean], nonce: bool, ) -> Result, SynthesisError> where - E: Engine, - CS: ConstraintSystem, + Scalar: PrimeField, + CS: ConstraintSystem, { prf(cs, false, nonce, true, false, phi, h_sig) } diff --git a/zcash_proofs/src/sapling/prover.rs b/zcash_proofs/src/sapling/prover.rs index f7b037343..cc3898e06 100644 --- a/zcash_proofs/src/sapling/prover.rs +++ b/zcash_proofs/src/sapling/prover.rs @@ -145,7 +145,7 @@ impl SaplingProvingContext { // Add the nullifier through multiscalar packing { let nullifier = multipack::bytes_to_bits_le(&nullifier); - let nullifier = multipack::compute_multipacking::(&nullifier); + let nullifier = multipack::compute_multipacking(&nullifier); assert_eq!(nullifier.len(), 2); diff --git a/zcash_proofs/src/sapling/verifier.rs b/zcash_proofs/src/sapling/verifier.rs index b8869129a..32e4d8ca8 100644 --- a/zcash_proofs/src/sapling/verifier.rs +++ b/zcash_proofs/src/sapling/verifier.rs @@ -97,7 +97,7 @@ impl SaplingVerificationContext { // Add the nullifier through multiscalar packing { let nullifier = multipack::bytes_to_bits_le(nullifier); - let nullifier = multipack::compute_multipacking::(&nullifier); + let nullifier = multipack::compute_multipacking(&nullifier); assert_eq!(nullifier.len(), 2); diff --git a/zcash_proofs/src/sprout.rs b/zcash_proofs/src/sprout.rs index 30ec8217f..efd0508ec 100644 --- a/zcash_proofs/src/sprout.rs +++ b/zcash_proofs/src/sprout.rs @@ -161,7 +161,7 @@ pub fn verify_proof( public_input.extend(&vpub_new.to_le_bytes()); let public_input = multipack::bytes_to_bits(&public_input); - let public_input = multipack::compute_multipacking::(&public_input); + let public_input = multipack::compute_multipacking(&public_input); let proof = match Proof::read(&proof[..]) { Ok(p) => p,